Cass Global Data Privacy Policy

Global Data Privacy Policy

Unlike ever before, data privacy and the protection of personal information are of paramount concern to our transportation, utility, telecom, waste, and banking customers, vendors, and business partners around the world.

Whether you are interacting with Cass Information Systems, Inc. directly, working with one of our corporate affiliates, or are engaging us through one of our websites, we at Cass want you to know that we respect your privacy and are committed to safeguarding your personal information. This is why we want you to have a clear picture of how we intend to treat personal information and how it will be processed and managed by us.

As a company serving diverse sectors worldwide, we have put in place policies and procedures to ensure that the personal information we process is properly protected in compliance with the latest data privacy laws and regulations. These policies and procedures are indicative of the same level of care and forethought that we deliver to our customers every day so that they may achieve greater visibility, control, and efficiency in their supply chains, communications networks, facilities, and operations.

If you have any questions regarding this Global Privacy Policy or any of our related privacy policies, procedures, or statements, please do not hesitate to contact our US Privacy Manager at privacy@cassinfo.com.  Moreover, you will always be able to locate this Global Privacy Policy, as it is prominently displayed on our primary website at cassinfo.com.

Last Updated: January, 2024

Sincerely,

Martin Resch, CEO

 


 

Global Data Privacy Policy Overview

Scope

This Global Privacy Policy applies to all customers, contacts, vendors, and agents of Cass Information Systems, Inc., Cass Commercial Bank, Cass Europe, B.V., and Cass TEM UK Limited (“Cass”, “we/our/us”), and all visitors to our websites, except as specified herein.

Personal Information/Data

We receive personal information and data directly from you and in our transactions and trusted interactions with you.  We may also automatically collect personal information on our websites. For more information about our use of cookies on our websites, please visit our Cookie Policy. We also on rare occasions receive personal information about you from verification services and commercial sources, such as to acquire permission-based marketing lists.

Uses

We primarily use your personal information to provide (and facilitate the provision of) our services to our customers as well as to respond to their inquiries for the same.

We also use your personal information to market to you, to communicate with you, to manage our business operations, and to comply with our legal obligations.

We explicitly do not “sell” (in the traditional sense of this term) your personal information to outside parties, including, but not limited to, marketers.  We do, however, provide your personal information to third party service providers for legitimate business purposes.

We will keep your personal information for as long as we have an active relationship with you. Once our relationship with you has come to an end, we will only retain your personal information for legitimate business purposes, such as business record auditing, statutory record retention, the defence or maintenance of a legal claim, or complaint handling and resolution purposes. We will delete or anonymize your personal information when it is no longer required for these purposes. 

Nonetheless, you have the right to review and correct your personal information that we have received from you. You also have the right to request that personal information collected be erased before the end of our normal information retention periods.

Information Security

We are also concerned with the security of your personal information and take great care in implementing appropriate physical, technical, and administrative controls to protect your personal information. Unfortunately, no information transmission over the Internet, or maintenance and processing of personal information, can be guaranteed to be 100% secure.

Choices

We only market our services to you with your consent, based on your marketing preferences. You may create or change your privacy preferences in connection with our marketing efforts by contacting one of our Privacy Managers at privacy@cassinfo.com.

You may also amend your cookie preferences for any our websites through your browser settings. However, in addition to marketing and analytics reasons, please remember that cookies are often necessary to enable and improve certain functions of a website, including our own websites.  If you choose to switch off or disable certain cookies, it is likely to affect how our websites work on your computer, smartphone, or device.

Cass Europe and Cass TEM UK

Cass Europe and Cass TEM UK, our corporate affiliates in Europe, have taken appropriate measures to comply with the European Union’s (“EU’s”) General Data Protection Regulation (“GDPR”). Their externally-facing GDPR privacy statement may be found here and applies to the personal information of their customers, contacts, vendors, and agents, when the GDPR applies to such personal information.

HR Personal Information

We take the privacy of our employees’ personal information seriously as well.  In time, we aspire to apply a single set of standards for all employee and non-employee personal information that we process, regardless of the citizenship or residency of the data subject.  But for the time being, US-based Cass employees can obtain a copy of our domestic internal privacy statement by contacting one of our US Privacy Manager at privacy@cassinfo.com and EU resident employees can obtain a copy of our internal privacy statement for Cass Europe and Cass TEM UK by contacting our EU or UK Privacy Managers at +31 76 5315 384 or +44 1256 679510, respectively. 

EU-U.S. Data Privacy Framework

We also elect to comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) regarding the collection, use, and retention of personal information transferred from the EU and European Economic Area (“EEA”) member countries. Our EU-U.S. DPF Policy can be found here.

California Residents

California residents have certain rights regarding their personal information under the California Consumer Protection Act (“CCPA”) and other applicable laws. More information about rights for California residents can be found here or by calling us on 314-506-5500. You can designate an agent to exercise rights for you.  Please note that we may take reasonable steps to verify your identity before implementing your rights request, including asking you to provide identification, if necessary.

Updates

If we substantially change this Global Privacy Policy, we will notify you of the updates. Any changes will be effective immediately upon the posting unless otherwise indicated. Where changes to this Global Privacy Policy will have a fundamental impact on the nature of processing or otherwise have a substantial impact on you, we will give you sufficient notice so that you have the opportunity to exercise your rights. 

How to Contact Us

We encourage you to review this Global Privacy Policy in its entirety.  Should you have any questions or concerns about our privacy practices and/or our privacy policies, procedures, and statements, please do not hesitate to contact our US Privacy Manager at privacy@cassinfo.com or write to us at:

Cass Information Systems, Inc.

Attn: US Privacy Manager

12444 Powerscourt Drive, Suite 550

St. Louis, MO 63131

United States

Global Privacy Policy

This Global Privacy Policy applies to the processing of personal information of all customers, contacts, vendors, and agents of Cass and all visitors to cassinfo.com and cassbank.com, except as specified herein.

Click on one of the links below to jump to a specific section: 

  • Personal Information We Collect and How We Use It
  • Information We Collect by Automated Means
  • How We Share Personal Information
  • Links to Other Sites
  • How We Protect Personal Information
  • International Transfers of Personal Information
  • How Long Personal Information Is Retained
  • Changing and Updating Your Personal Information
  • Children
  • California Residents
  • Updates to Our Global Privacy Policy
  • How to Contact Us

Personal Information We Collect and How We Use It             

We may collect personal information from individuals through our websites or by other means (such as email, mail, phone, business contact information, and other third-parties, such as commercial data vendors and public databases). The principal ways you may provide the information and the types of information you may submit, as well as the ways we may use the information, are detailed below. 

Business Purposes

On our websites you may be able to register your personal information to gain access to information related to our business relationship with you or the services we offer. We use these details to provide you with access to information about your business relationship with us and to facilitate your use of the websites.  You may also choose to provide, or we may obtain, your personal information at trade shows. It is in our legitimate business interests to use this personal information so that we can manage our business relationships and carry out marketing and sales activities.

Careers 

Individuals apply for jobs with Cass through our primary website, third-party job posting sites, job fairs, or directly at our various physical locations.  The personal information job seekers provide through this process is often maintained by third-party service providers. This personal information may be maintained in locations within the United States, accessible to our recruiting team, and may be shared with our corporate affiliates in other parts of the globe for the purpose of evaluating job seekers for permanent and temporary positions with our company. The personal information submitted by job seekers, such as name, contact details, and any other information relevant to the application is used to evaluate their qualifications for employment and to contact them regarding possible employment opportunities. It is in our legitimate business interest to use this personal information in the selection process and to communicate with you, and it is necessary to provide us with this personal information so that we can assess and evaluate your application.

Contact 

You may contact us with questions, requests, or comments through the “Contact” link on our websites or via the contact information provided in the “How to Contact Us” section of this Global Privacy Policy.  When you do so, we may ask you for your personal information to verify your identity or to track the inquiry internally to ensure we appropriately respond to your questions, requests, or comments. 

Contractual Obligations 

If you are a vendor or an independent contractor, we may ask you to provide personal information such as your name, contact details, or business and financial details to establish and administer your account, process payments, and for compliance with internal and legal requirements.  We use your personal information for these purposes so that we can comply with our contractual obligations to you.

Feedback 

You may be able to submit feedback on our websites.  If you choose to give us your feedback, we may ask you for your personal information. We may also ask you about your experience using our websites. It is in our legitimate business interest to use the personal information you provide to enhance our websites, evaluate the quality of our services, or to communicate with you about our services. 

Information Technology Security 

We may collect personal information when detecting and defending against security threats in accordance with our legitimate business interests and our legal obligations. We use various IT tools to detect and defend against online security threats (e.g., attacks, viruses, malware, spam, phishing, malicious web content), to promote business continuity of our information systems and assets, and to maintain optimal performance of our IT systems. To ensure physical security of our facilities we may, where permitted under local law, utilize surveillance systems while you are on Cass property.

Other Uses of Information 

We may use the personal information for internal general business purposes in accordance with our legitimate business interests. These purposes include administration of our websites, data analytics, fraud prevention, and compliance with our legal obligations, standards, policies, and procedures (including due diligence checks and sanctioned and embargoed screening, where necessary). 

We may obtain your explicit consent to collect and use certain types of personal information when we are required to do so by law.

Information We Collect by Automated Means

When you visit and interact with our websites, we may collect other information that does not inherently reveal your specific identity, in order to learn how to best tailor our website for our visitors’ needs.  Examples of what other -information we may collect and how we and third-party service providers may collect this information include:

Aggregated Information 

Aggregated user information does not personally identify you or any other user (for example, we may aggregate user information to calculate the percentage of our users who come from a particular region).  Aggregated data is treated in accordance with the terms of this Global Privacy Policy.

Browser and Device Information

Certain information is collected by most browsers or automatically through your device, such as your computer type, operating system, name and version, device manufacturer and model, Internet browser type and version, and the name and version of the online services you are using.  We use this information to ensure that our websites function properly.

Cookies

Cookies are pieces of information stored directly on the computer or mobile device that you are using.  Cookies allow us to collect information such as browser type, time spent on the online services, pages visited, referring URL, and other aggregated website traffic data.  We and our third-party service providers use the information for security purposes, to facilitate navigation, to display information more effectively, to collect statistical information, and to personalize your experience online. At this time, we do not respond to browser “Do-Not-Track” signals except in jurisdictions where we are required to do so by law. Further details about our use of cookies can be found in our Cookie Policy.

IP Address 

Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider.  An IP address may be identified and logged automatically in our server log files whenever a user accesses the online services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications, and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering our online services. We may also derive your approximate location from your IP address to understand from what regions of the world our website visitors come.

Pixel Tags or Similar Technologies

Pixel tags (also known as web beacons and clear GIFs) may be used in connection with some online services to, among other things, track the actions of users of the online services (including email recipients), measure the success of our marketing campaigns, and compile statistics about usage of the online services and response rates. We also use Google Analytics, which uses cookies and similar technologies, to collect and analyze information about use of our services and report on activities and trends. These services may collect information regarding the use of other websites and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and you can opt-out by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

How We Share Personal Information  

We do not sell or otherwise disclose your personal information except as described in this Global Privacy Policy.  We may also share your information as disclosed at the time you provide it and in the following other circumstances:

Business Transfers

We may disclose your personal information, usage information, and other information about you to parties acquiring part or all of our assets, as well as to attorneys and consultants. If we transfer your information to an acquirer, we will use reasonable efforts to direct the acquirer to use your information in a manner that is consistent with this Global Privacy Policy. Also, if any bankruptcy or reorganization proceeding is brought by or against us, your personal information may be considered a company asset that may be sold or transferred to third parties.

Corporate Affiliates

We may share the information you provide (such as information about your orders, enquiries, applications, or use of our websites) with our corporate affiliates for marketing, recruitment, and internal reporting purposes.  We do this to run our business more efficiently and to have a better understanding of our business relationships across business lines.

Law Enforcement Agencies, Courts, Regulators, Government Authorities, or Other Third Parties 

We may transfer and disclose your information to third parties (i) to comply with a legal obligation, (ii) when we believe in good faith that the law requires it, (iii) at the request of governmental authorities conducting an investigation, (iv) to verify or enforce our policies, procedures, terms of use, and other agreements, or to protect the rights, property, safety, or security of Cass, our customers, vendors, business partners, or others, including visitors of our websites, (v) to respond to an emergency, (vi) or to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity when we believe disclosure is necessary or appropriate.

Marketing Partners

In some cases, we may permit certain network advertising companies and publishers to collect personal information on our websites. In addition, our business partners may access personal information about you that we have combined with such business partners’ data. We may collaborate with our business partners to jointly send tailored promotional communications to you using the combined set of information.  If you prefer not to receive these joint communications, you can opt out by following the instructions included in any such communication.

Non-Personal Information 

We may share non-personal information, such as aggregate user statistics, demographic information, and usage information with third parties.

Sharing With Your Consent

At times, in the course of providing our services we may present you with the opportunity to opt in to receive information or marketing offers from third parties or to otherwise consent to the sharing of your information with third parties. If you agree to have your personal information shared, your personal information will be disclosed to the third party and will be subject to the privacy notice and business practices of that third party.

Third-Party Service Providers

In order to carry out your requests, to make various features, services, and materials available to you through our services, to respond to your inquiries, and for other purposes described in the “How We Use Your Information” section of this Global Privacy Policy, we may share your personal information or usage information with third parties that perform functions on our behalf  for legitimate business purposes, such as companies or individuals that: host or operate our websites; analyze data; provide customer service; manage payments; advertisers; sponsors; or other third parties that participate in or administer our promotions, e-commerce activities, or assist with risk management, compliance, legal, and audit functions. These service providers are not authorized by us to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements.

Links to Other Websites   

Our websites and communications may provide links to other websites, including to social networks or business partners that may use our logo(s) as part of a co-branding agreement.  To the extent that any linked services are not provided by Cass, we are not responsible for the services, or any of the content found on these websites.  If you provide information on and use third-party services or websites, the privacy policy and terms of service on those websites are applicable.  We encourage you to read the privacy policies of websites that you visit before submitting your personal information, as these third parties have their own collection practices which may be different than those of Cass. Also, please be advised that if you disclose personal information or personally sensitive information through public forums or message boards, this information may be collected and used by others. We do not monitor these public spaces and take no responsibility for the content, security, or confidentiality of any information posted thereon.

How We Protect Personal Information   

In proportion to the sensitivity of the information, we maintain reasonable administrative, technical, and/or physical safeguards and appropriate security measures to protect personal information from loss, misuse or unauthorized access, disclosure, alteration, or destruction of the personal information provided. However, we cannot absolutely guarantee the security of personal information, as no electronic data transmission or processing of information is completely secure. If an incident is reported affecting your personal information, we will investigate and comply with all required reporting obligations.

International Transfers of Personal Information

Cass is a global organization - headquartered in the United States – that does business in many countries around the globe. We may share your personal information among Cass corporate affiliates, our service providers, and other third parties that may be located in countries outside of your own. Although the data protection laws of these various countries may differ from those in your own country, we have put in place appropriate safeguards (such as contractual commitments) to ensure that your personal information is handled as described in this Global Privacy Policy and in accordance with the law. For transfers of data coming from the EU or the EEA, we comply with EU-U.S. Data Privacy Framework. Our EU-U.S. DPF Policy can be found here. For more information on the appropriate safeguards in place, please contact us via the contact information provided in the “How to Contact Us” section of this Global Privacy Policy.

How Long Personal Information Is Retained

We will keep your personal information for as long as we have an active relationship with you.  Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:

  • Maintain business records for analysis and/or audit purposes;
  • Comply with record retention requirements under applicable law;
  • Defend or bring any existing or potential legal claims; and
  • Address and resolve any complaints regarding our services.

We will delete or anonymize your personal information when it is no longer required for these purposes.  If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to safeguard any further processing or use of the personal data.

Please note that you have the right to request that personal information collected from you be erased and forgotten before the end of our information retention periods. 

Changing and Updating Personal Information

You have the right to review and correct the personal information that we have received from you. We encourage you to contact us to update or correct your information if it changes or if you believe the personal information we hold about you is inaccurate. Please note that we will likely require additional information from you in order to verify your identity and respond to your requests. If you would like to update your information, please contact us via the contact information provided in the “How to Contact Us” section of this Global Privacy Policy. We will timely respond to your request. 

Children

Our services are not directed to children under the age of sixteen (16).  We do not knowingly collect personal information from anyone under sixteen (16) without parental consent.  If you become aware that we have collected personal information from a child under the age of sixteen (16) without parental consent, please let us know so that we can take appropriate action. 

California Residents

If you are a California resident and have provided us with your personal information, you may ask us to refrain from sharing your personal information with third parties, including our corporate affiliates, if they are separate legal entities, for direct marketing purposes.  Please tell us your preference by contacting us via the contact information in the “How to Contact Us” section of this Global Privacy Policy. In addition, California residents have the access, deletion, knowledge, opt out, and portability rights described below. In the event of any conflict between this section on California residents and the rest of this Global Privacy Policy, this section on California residents shall prevail.

Personal Information

For purposes of this section on California residents, “personal information” means “information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”  Cal. Civ. Code § 1798.140(o)(1).

Personal Information Does Not Include:

  • Publicly available information from federal, state, or local government records.
  • De-identified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data; and
    • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

Categories, Purposes, and Disclosure of Data Collected

The categories and purposes of collection of personal information are described in the section “Personal Information We Collect and How We Use It” above and reflect how we intend to and how we have collected and used information in the twelve months prior to the effective date. The Section “How We Share Your Data” above describes how we intend to and have disclosed personal information in the twelve months prior to the effective date. We will not collect further information or use your personal information for additional purposes without providing you additional notice.

Categories and Purposes of Personal Information collected from California Residents

Category

Examples

Collected

A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.

YES

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).

A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

YES

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

NO

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

YES

E. Biometric information.

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

NO

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

YES

G. Geolocation data.

Physical location or movements.

YES

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar information.

NO

I. Professional or employment-related information.

Current or past job history or performance evaluations.

YES

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.

NO

K. Inferences drawn from other personal information.

Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

NO

 

Use of Personal Information of California Residents

The section “Personal Information We Collect and How We Use It” above reflects how we intend to and how we have used personal information of California residents in the twelve (12) months prior to the effective date of this policy. We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your personal information to a third party for a legitimate business purpose. When we disclose personal information for a legitimate business purpose (which we have done in the preceding twelve (12) months), we enter a contract that describes the purpose and prohibits the recipient from: (1) selling the personal information; (2) retaining, using, or disclosing the personal information for any purpose other than for the specific business purpose specified in the contract; and (3) retaining, using, or disclosing the information outside of the direct business relationship with us. 

We intend to disclose, and in the preceding twelve (12) months have disclosed, the following categories of personal information for a business purpose:

Category A: Identifiers.
Category B: California Customer Records personal information categories.
Category D: Commercial information.
Category F:  Internet or other similar network activity.
Category I:  Professional or employment-related information.

We disclose your personal information for a legitimate business purpose to the following categories of third parties:

  • Our corporate affiliates.
  • Service providers.
  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you.
  • If you are an employee of a customer, your personal information may be disclosed to third parties engaged to perform services for such client and whom we interface with on such client’s behalf.
  • If you are engaged to perform services for one of our clients, your personal information may be disclosed to such client.

In the preceding twelve (12) months, we have not sold any personal information, in the traditional sense of the word.  Further, we have not disclosed to other third parties any personal information for monetary or other valuable consideration within the twelve (12) months preceding the date of this Global Privacy Policy.

Rights to Access, Knowledge, and Portability

You have the right to request that we disclose certain information to you about our collection and use of your personal information. Once we receive and confirm your verifiable consumer request, we will disclose to you, as it pertains to the twelve (12) months prior to the request:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our legitimate business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a legitimate business purpose, two separate lists disclosing:
  • Sales – identifying the personal information categories that each category of recipient purchased; and
  • Disclosures for a business purpose – identifying the personal information categories that each category of recipient obtained.

Rights to Deletion

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete the transaction for which we collected the personal information, provide a service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act.
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Opt-out of the Sale of Personal Information

Beginning January 1, 2020, California residents have the right to opt out of the sale (or disclosure for other valuable consideration) of personal information about them or their household, such as (though not limited to) their name, postal or email address, and other personally-identifying information.

This right is subject to certain exemptions. For example, the law does not apply to information that has been aggregated and/or de-identified such that it could not reasonably be used to identify you. It also does not apply to information that we share with third-party service providers in order for them to perform certain business functions for us.

If you would like to opt out, please send your request to privacy@cassinfo.com.

Our services are not directed to children. As such, it is not our intention to sell personal information of children under the age of sixteen (16), children between the ages of thirteen (13) and sixteen (16) may affirmatively opt-in to the sale of personal information. Children below the age of thirteen (13) may only consent to the sale of personal information with parental consent.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights, as well as the opt-out rights described above, please submit a verifiable consumer request to us by either:

Only you or (a) a natural person that you authorize to act on your behalf or (b) a business entity registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To authorize an agent to submit a request on your behalf, we will require that you provide written evidence that you have granted the authorized agent permission to make such a request, and we will verify your identity.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you services.
  • Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of services.
  • Suggest that you may receive a different price or rate for services or a different level or quality of services.

However, we may charge you a different price or rate, or provide a different level or quality of services to you, if that difference is reasonably related to the value provided to you by the use of your personal information.

Response Timing and Format

We will confirm receipt of a rights request within ten (10) days of receipt and provide information regarding how we will process the request. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Updates to Our Global Privacy Policy

We may modify or update this Global Privacy Policy from time to time. We will always indicate at the top of this policy when it was most recently updated.  If we substantially change this Global Privacy Policy, we will notify you of the changes. Any changes will be effective immediately upon the posting unless otherwise indicated.  Where changes to this Global Privacy Policy will have a fundamental impact on the nature of processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights. 

How to Contact Us

If you have any questions or comments about this Global Privacy Policy or if you would like us to update information we have about you or your preferences, please email, write, or call the following applicable contact at Cass or one of its corporate affiliates:

Cass Information Systems, Inc.

US Privacy Manager

12444 Powerscourt Drive, Suite 550

St. Louis, Missouri 63131

privacy@cassinfo.com 

or

Cass Europe B.V.

EU Privacy Manager

Graaf Engelbertlaan 75

4837 DS

Breda

The Netherlands

+31 76 5315 384

or

Cass TEM UK Ltd.

UK Privacy Manager

Belvedere House

Basing View

Basingstoke

RG21 4HG

United Kingdom
+44 1256 679510