Last Updated: December 2, 2020
This Privacy Statement describes the types of information the CRI group of companies which includes CRI, Inc., CRI Advanced Analytics, Auditwerx, Paywerx, CRI Capital Advisors, Preferred Legacy Trust, Level Four Advisory Services, CRI TPA Services, and subsidiaries and affiliates, (collectively, “CRI”, “we,” “our,” or “us”) collect through our websites, including the website at www.CRICPA.com (our “Sites”), as well as all related websites, networks, applications, and other services provided by us and on which a link to this Privacy Statement is displayed (collectively, with the Sites, our “Service Offerings”). This Privacy Statement describes the information that we gather from you in connection with our Service Offerings, how we use and disclose such information, the steps we take to protect such information, and how you can exercise your data protection rights.
If you have any questions or concerns about our use of your personal information, then please contact us.
If you are unable to access this Privacy Statement due to a disability or any physical or mental impairment, please contact us and we will arrange to supply you with the information you need in an alternative format that you can access.
When you use our Service Offerings, you voluntarily provide us with information about you. We use this information for the following business and commercial purposes:
When you use our Offerings, we may collect certain information automatically from your device, including information like your Internet Protocol (IP) address, operating system, device type, unique device identification numbers, browser-type, broad geographic location (by use of GPS or other geolocation features of your device) and other technical information. We also collect information about how you use our Offerings for purposes of facilitating your use of our Offerings, including securing, managing, measuring, improving, and/or supporting our Offerings as well as to enable us to develop and market additional products and services. We may also collect information about how your device has interacted with our Offerings including our Sites, including the pages accessed and links clicked. Some of this information may be collected using cookies and similar tracking technology. We use these cookies or similar technologies to understand and analyze the usage trends and preferences of our users, enhance and develop new products, services, features, and functionality, administer our Offerings, track user’s movements around our Offerings, store preference information in our Offerings, serve targeted advertisements, and gather demographic information about our user community as a whole.
From time to time, we may receive personal information about you from third-party sources, but only where we have checked that these third parties either have your consent (where required by law) or are otherwise legally permitted or required to disclose your personal information to us. For instance, we may obtain information such as your contact details, job title, company and interest from third parties, such as our partners and advertisers, and from other sources outside of our Offerings, including from certain offline sources such as trade shows or publicly available sources, to market our Offerings or services and products offered by third parties, in accordance with your marketing preferences.
CRI’s website, like most websites, gathers certain information automatically to analyze trends in the aggregate and administer our Offerings. This information may include your IP address (or the proxy server you use to access the World Wide Web), device and application identification numbers, your location, your browser type, your Internet service provider and/or mobile carrier, the pages and files you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage. Due to Internet communications standards, when you visit or use our Offerings, we automatically receive the URL of the website from which you came and the website to which you go when you leave our Offering. This information is used to analyze overall trends, to help us improve our Offerings, to track and aggregate non-personal information, and to provide the Offerings.
CRI websites or other Offerings may use social media features, such as the Facebook “like” button (“Social Media Features”). These features may collect your IP address and which page you are visiting on our website, and may set a cookie or other similar technologies to enable the feature to function properly. You may be given the option by such Social Media Features to post information about your activities on our Offering to a profile page of yours that is provided by a third-party social media network in order to share with others within your network. Social Media Features are either hosted by a third party or hosted directly on our Offerings. Information collected in the context of the Social Media Features is subject to the relevant social media platforms’ own data collection, use, and disclosure policies. CRI may also allow you to log in to specific areas of our Offerings using sign-in services provided by social media platforms. These services authenticate your identity and may provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign-up form.
CRI’s obligations with respect to data that may be accessed as a function of CRI’s role as a service provider, such as data stored or transferred by CRI customers through CRI’s hosted Offerings are defined in our agreements with our customers and are not governed by this Privacy Statement.
Depending on your location and applicable data protection laws, you may have the right to request access to, or correction, deletion or removal of, information about you, by using the contact details provided under the “Contact CRI” section. To protect your privacy and security, we may take steps to verify your identity before granting access, deleting or making changes to information you have provided us, including by requesting your name and email address. While we will make reasonable efforts to accommodate your request, we also reserve the right to reject such access requests or to impose certain restrictions and requirements on such requests, if required or permitted by applicable law.
If you receive marketing communications from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt out from receiving commercial email from us by sending your request to us by email at [email protected] or by writing to us at the address given at the end of this Privacy Statement. Please be aware that if you opt out of receiving commercial email from us or otherwise modify the nature or frequency of promotional communications you receive from us, it may take up to ten business days for us to process your request, and you may continue receiving promotional communications from us during that period. Additionally, even after you opt out from receiving commercial messages from us, you will continue to receive administrative messages from us regarding our Offerings.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. We do not discriminate against any individual based on the exercise of their data protection rights.
Except as described in this Privacy Statement, we will not disclose information about you that we collect on or through our Offerings to third parties without your consent, unless legally required or permitted to do so. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
Any information that you voluntarily choose to include in a publicly accessible area of the Sites or any of our Offerings will be available to anyone who has access to that content, including other users.
We work with third-party service providers to provide you with our Offerings and website, and assist us with our marketing and sales activities. Examples include customer relationship management providers, communications providers, maintenance and technical support providers, cloud hosting providers, analytics companies, payment providers, security and fraud detection providers. These third parties may have access to or process information about you for the purpose of providing the services mentioned above. For example, our customer relationship management providers host our customers and prospects employees’ contact details and information about our interactions and relationship with them for the purpose of allowing us to better manage our relationships with our customers and prospective customers. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and we require them to only use the information shared to provide us with the services they have been hired to provide.
We may share your information with our partners in connection with, selling or distributing our Offerings, or engaging in joint marketing activities, in accordance with your marketing preferences.
We may disclose your information if required to do so by any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary to comply with applicable law or regulation, in response to a court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
We also reserve the right to disclose your information that we believe, in good faith, is appropriate or necessary to (i) take precautions against liability, (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity, (iii) investigate and defend ourselves against any third-party claims or allegations, (iv) protect the security or integrity of our Offerings and any facilities or equipment used to make our Offerings available, or (v) protect our property or other legal rights (including, but not limited to, enforcement of our agreements), or the rights, property, or safety of others.
Information about our users may be disclosed and otherwise transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets in which case the acquirer, successor or assignee will use your personal information in line with this Privacy Statement.
We may make certain aggregated, automatically-collected, or otherwise non-personal information available to third parties for various purposes, including (i) compliance with various reporting obligations; (ii) for business or marketing purposes; or (iii) to assist such parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and/or functionality available through our Offerings.
At CRI, security is a priority. CRI follows security framework practices based on leading industry standards. We use physical, managerial, and technical safeguards that are designed to improve the integrity and security of information that we collect, process and maintain. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. Security is an evolving area and CRI is constantly working to not only raise the level of security it deploys but also the security training of its employees.
Please be aware that no security measures are perfect or impenetrable. We cannot and do not guarantee that your information will not be accessed, viewed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
Our Offerings may contain features or links to websites and services provided by third parties. Any information you provide on third-party sites or services is provided directly to the operators of such services and is subject to those operators’ policies, if any, governing privacy and security, even if accessed through our Offerings. We are not responsible for the content or privacy and security practices and policies of third-party sites or services to which links or access are provided through our Offerings. We encourage you to learn about third-parties’ privacy and security policies before providing them with information.
We may transfer and process your personal information in countries other than the country in which you are resident in connection with storage and processing of data, fulfilling your requests, and operating and providing our Offerings. These countries may have data protection laws that are different from the laws of your country. Specifically, our Offerings are hosted in the United States, and our subsidiaries and third-party service providers and partners operate nationally. However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Statement.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives, then we will securely store your personal information and isolate it from any further processing until deletion is possible.
If you are a visitor/customer located in the European Economic Area (“EEA”), CRI is the data controller of your personal information. Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.
You have the following rights:
Residents of California have the right to request a disclosure describing what types of personal information we have shared with third parties for their direct marketing purposes, and with whom we have shared it, during the preceding calendar year. You may request a copy of that disclosure by contacting us.
The following disclosures apply only to California residents covered under the California Consumer Privacy Act (“CCPA”).
The purposes for which we collect your personal information are described under the heading “Information We Collect and How We Use It” above. This section describes the business purposes and commercial purposes for which we collect personal information.
This Privacy Notice describes the categories of personal information that we have, disclosed for a business purpose and sold over the preceding twelve (12) months. Please refer to the sections headed “Information We Collect and How We Use It” and “Sharing Information” for more information.
We do not and will not sell your personal information to any other business or third party. CRI will always seek your affirmative direction/consent to intentionally disclose personal information to third parties in ways that might otherwise be construed to be a “sale” under the CCPA.
You have the right to request that we disclose the personal information we collect, use, disclose and sell. To exercise this right, please follow the instructions described to access your information in the “Your Rights and Choices” section above.
Protecting the privacy of young children is especially important to CRI. Our Sites are general audience websites not directed to children under the age of 16, and we do not knowingly collect personal information from children under the age of 16 without obtaining parental consent. If you believe we have collected information belonging to an individual under the age of 16, please let us know by contacting us.
Please revisit this page periodically to stay aware of any changes to this Privacy Statement, which we may update from time to time. If we modify this Privacy Statement, we will make it available through our Offerings, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change and obtain your consent where legally required. For example, we may send a message to your email address, if we have one on file, or generate a pop-up or similar notification when you access one of our Offerings for the first time after such material changes are made.
If you have any questions or comments about this Privacy Statement, your Information, our use, and disclosure practices, or your consent choices, please contact us.
1117 Boll Weevil Circle
Enterprise, AL 36330