Privacy Policy

 

 Privacy Statement

CTDI understands the importance of protecting the privacy of its customers and views the information that it maintains as one of its most valuable assets. CTDI has a moral, legal, and regulatory obligation to ensure that this information is protected appropriately. CTDI will perform all reasonably expected efforts to maintain the confidentiality, integrity, and availability of information by promoting a practice of ‘Privacy and Security by Design’. Access will only granted on a 'need-to-know' basis and where practical information will be anonymized or encrypted.

Where necessary, CTDI processes and stores Personally Identifiable Information ('PII'). The information collected will depend upon the specific interaction that a customer has with CTDI and may include name, address, email, phone contacts, accounts numbers, etc.

CTDI will always ensure that there is a valid business purpose for processing personal data. All PII follows a data retention policy and is determined when this data is no longer required and will be removed from our systems after this point. This does not affect the rights as an individual to request changes or deletion of this data.

CTDI will either act as a Data Controller or a Data Processor. If acting as a Data Controller we will communicate directly with the individual on their request. If acting as a Data Processor, we provide services on behalf of another organization (the Data Controller) who are representing the individual. All communication will be through this Data Controller organization relating to the rights of the data subject.

From time to time, CTDI will use third parties to fulfill its obligations and will be required to provide PII to this third party. For example, a shipping company may be used to return goods and be provided with a name and address. CTDI only provide the information necessary for the third party to fulfil its obligations and will ensure that the third party adhere to the same high standards as CTDI. This information is only used to perform its contractual obligations and is not sold to third parties.

Rights of the Individual

CTDI understand the individuals' rights to the protection of their data, including access, modification and deletion of personal information. If we are acting on behalf of another company, as a Data Processor, then requests should be directed through the individuals primary point of contact (the Data Controller). We will then act on those requests and communicate directly with the Data Controller.

When CTDI are acting as a Data Controller, communicating directly with an individual, we will endeavor to provide feedback within 28 days of any request. Requests may be submitted via email to infosec@ctdi.com.

Where a request is received to 'be forgotten' and all personal data deleted regarding an individual, we will review the request and where possible, delete this information. In certain situations, whether for contractual, legal or safety reasons this may not be possible, but feedback will always be provided. This will not impact on the rights and freedom of the individual.

Web Site Information

In some instances, CTDI collects PII directly from an individual. This may be through public web sites or web applications. CTDI attempts to make this data collection optional when possible.

Cookies

Many of CTDI’s web sites and web applications use Cookies, small files stored in the user’s browser, to provide information about the user’s interaction with the system. These cookies are most often used to track session state to make the use of a web site or application more convenient. Cookies may be disabled in the user’s browser, although this may impact the functionality of some of CTDI’s web applications.

Customer Device Data

As part of our contract we will service devices that may contain personal information. Prior to sending the device to CTDI the customer is advised to:

                    • remove all peripheral devices, such as SIM and memory cards,

                    • backup all existing data, software and programs,

                    • follow the manufacturer’s instruction to erase all personal data and reset the device to the factory settings

 

Personal information on the device will never be copied, or distributed, but may be deleted or corrupted during the servicing process. CTDI will not be responsible for loss, recovery or compromise of data, programs, or loss of equipment arising out of the services provided.

Contact

If there is any question regarding this policy or CTDI’s handling of PII, CTDI may be contacted via one of the methods below. In addition, if any issues are discovered with one of CTDI’s web applications that may present a concern regarding data security, CTDI may be contacted via one of the methods below.

Email: infosec@ctdi.com

Mail:

CTDI

Attn : Information Security

1336 Enterprise Drive

West Chester, PA 19380

© CTDI 2019
IMPORTANT: we use cookies on this web site.
Using this web site without changing the settings for cookies means that they will be placed on your device, to which you agree.
You can change the settings for cookies at any time.