Last Updated: 12/01/2022
Effective Date: 12/19/2022
- Personal Data We Collect
- Sources from Which Personal Data is Collected
- Purposes for Collecting Personal Data
- Legal Grounds for Collecting and Processing Personal Data
- Third-Party Recipients of Personal Data
- Cookies & Similar Technologies
- Interest-Based Advertising
- Third-Party Privacy Practices
- Cross-Border Transfers of Personal Data
- Children's Privacy
- Retention of Personal Data
- Protecting Your Personal Data
- Personal Data Rights
- Other Rights
- Excercising Privacy Rights
- Data Controller
- How to Contact Us
I. Personal Data We Collect
We may collect the following categories of personal data:
- Personal Details, such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, phone number (including mobile numbers), date of birth, gender, signature, or other similar identifiers.
- Account Information, such as a username, password, unique online identifier, or other similar log-in information.
- Payment Details, such as credit card number, debit card number, or other similar information.
- Purchase Histories and Other Commercial Information, such as products purchased, obtained, or considered, and other purchasing or consuming histories or tendencies.
- Internet or Other Similar Network Activity, such as browsing history, search history, cookies, device information, and information concerning your interactions with a website or advertisement.
- Professional or Employment-Related Information, such as occupation or current or past job history.
- Education Information, such as transcripts, academic evaluations, and other education-related information.
- Your Correspondence and Communications with CSI, including interactions with customer service and your comments sent to us via email, chat, phone, fax, or on social media.
- Usage Data, including data generated by using our service/platform such as usage history, diagnostic data, performance data, and other similar usage data.
- Communication and Marketing Preferences, such as your preferred channels of communication, and whether or not you opt in to receive marketing materials.
- Publicly Available Personal Data, including personal data you have shared via a social media platform (e.g., a public Facebook page).
II. Sources from Which Personal Data is Collected
We may collect the above-described categories of personal data from one or more of the following sources:
- You. We collect personal data that you provide to us, such as when you contact us by phone, email or webform, subscribe to a newsletter, marketing email, or other publication, respond to a survey, engage us on a service project, submit a supplier or subcontractor registration or update, create an online customer portal account on our websites, purchase something directly though one of our online e-commerce channels, or apply for a job through our Sites.
- Our Automated Information Collection Technologies. We also collect personal data, such as your Internet Protocol address and purchase history, through our use of automated information collection technologies. For additional information, see the Cookies & Similar Technologies and Interest-Based Advertising sections of this Policy.
- Your Employer. We may receive your personal information from your employer if (1) your employer is our customer; or (2) your employer is our subcontractor or supplier.
- Third-Party Service Providers. We may receive personal data about you from our third-party service providers, such as marketing networks and cooperatives and analytics providers (e.g., qualified lead generation partners).
- Other Third Parties. We may collect personal data about you from other third-party sources, including but not limited to publicly-available sources.
III. Purposes of Processing Personal Data
We may process the above-described categories of personal data for one or more of the following business or commercial purposes:
- To provide you or your employer with requested products and services, including processing and shipping orders; verifying your payment information; processing payments, refunds, and chargeback claims; maintaining and servicing your account(s); and providing you with product recommendations.
- To manage your orders and returns, including creating, modifying, and cancelling orders and returns and verifying your identity and payment information.
- To manage your account with us if you choose to create one.
- To complete a credit check if you choose to pay by accounts receivable.
- To communicate with you, such as when you place an order, contact or chat with us, make a request or inquiry, or share comments or concerns; and to send you coupons, emails, and newsletters or otherwise inform you of promotions.
- For marketing and advertising purposes, such as to send you marketing and advertising communications, and to customize the specific advertisements and promotions that we send or otherwise show to you. For additional information, please review the sections of this Policy on Cookies & Similar Technologies and on Interest-Based Advertising.
- To conduct analytics to understand how users use our Sites and shop with us; determine the methods and devices used to access our Sites; enhance our products; and make improvements to our Sites.
- For our business operations, such as identifying and implementing improvements to our business operations, products, services, systems, and supply chains; creating and maintaining our programs, accounts, and records; collecting and managing consent; gaining insights into our customer preferences, expectations, and trends; and conducting market and other business-related research.
- To provide interactive features of our Sites, such as our customer account and job applicant portals.
- To provide you with technical support, Site accessibility, and customer service.
- To protect our customers, employees, subcontractors, suppliers, users, visitors, and other individuals, as well as our assets and business, against violence, fraud, theft, misuse, and other malicious activities.
- To detect, analyze, and prevent safety risks, fraudulent activities, and other illegal and malicious activities (e.g., theft).
- To communicate with you about the status of your job application; verify your identity, qualifications, and experience; and determine whether you are a good fit for the position you are interested in.
- To meet our regulatory reporting requirements and comply with our legal and regulatory obligations, including those requiring businesses to maintain specified records.
- To respond to requests from law enforcement; meet obligations in legal proceedings and government investigations; and as otherwise required by applicable law, court order, or government regulations.
- To provide information pertinent to an actual or potential merger, acquisition, or other reorganization.
- As necessary or appropriate to protect the rights, property, or safety of our customers or others.
- As otherwise described to individuals when collecting their personal data.
IV. Legal Basis for Collecting and Processing Personal Data
- Consent. The legal ground for processing your personal data that we collect when you provide us with permission to do so is your consent, which you may withdraw at any time by (1) clicking on any unsubscribe link that we provide; (2) withdrawing your consent to cookies [This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors]; or (3) emailing Compliance@CSI.com, without affecting the lawfulness of processing based on consent before its withdrawal.
- Contractual Necessity. We may process your personal data when it is necessary in order to act at your request prior to entering into a contract with you, or when it is necessary for the performance of a contract to which you are a party (e.g., processing credit card details in order to effect payment).
- Compliance with Legal Obligations. We also may conduct certain personal data processing activities for purposes of meeting our legal obligations (e.g., in order to meet our regulatory retention obligations). Under certain circumstances, we may also be legally obliged to assist with crime and fraud prevention efforts.
- Vital Interests. Under special circumstances (e.g., in connection with natural disasters or emergency situations), we may need to process your personal data in order to protect your vital interests or the vital interests of one or more other persons.
- Supplying products and services to customers;
- Providing quality support to customers, potential customers, and Site users;
- Giving customers and potential customers marketing materials to promote our services and products;
- Providing more relevant content for users of our Sites;
- Identifying and fixing problems with our Sites;
- Understanding how our customers interact with our products, services, and Sites so we can enhance the customer experience and functionality of our products, services, and Sites;
- Improving the overall user experience on our Sites;
- Administering promotions, competitions, drawings, sweepstakes, and surveys;
- Managing our network and on-premises security;
- Operating our business, including by identifying and implementing improvements to our business operations; creating and maintaining our programs, accounts, and records; and conducting business-related research;
- Protecting the rights, property, or safety of our customers, our employees, and/or others;
- Managing corporate transactions, including providing information pertinent to an actual or potential merger, acquisition, or other reorganization;
- Maintaining compliance with applicable global laws and regulations;
- Recruiting and vetting job applicants; and
- Any other legitimate interest for a purpose, balanced against your rights, freedoms, etc., and communicated to you at the appropriate time.
V. Recipients of Personal Data
- Affiliates and Subsidiaries. We may share your personal data with CSI’s subsidiaries and affiliates to assist us with business operations. Our subsidiaries and affiliates are part of the manufacturing industry, the manufacturing of fabricated metal products sector, the manufacturing of machinery, and the equipment subsector, manufacturing of metal household articles subsector, and manufacturing of general purpose machinery subsector; as well as the retail trade industry, the retail trade sector, and the retail sale of hardware subsector, retail trade of hardware subsector, retail trade of household goods subsector, and online retail trade subsector. Our subsidiaries and affiliates are located in the U.S.
- Social Media Platforms. Social Media Platforms (e.g., Facebook, Instagram, Twitter, Pinterest, etc.) may offer functionalities, plugins, widgets, or tools in connection with our Sites (e.g., to share our products with your friends and followers on Social Media Platforms). If you choose to use these functionalities, plugins, widgets, or tools, your personal data may be shared with or collected by such Social Media Platforms and is subject to such Social Media Platforms’ privacy practices. The third-party Social Media Platforms are part of the information and communication industry, information service activities sector, data processing and hosting activities subsector, and are located in the U.S. and in Ireland. For more information regarding such Social Media Platforms’ privacy practices, you should review such Social Media Platforms’ privacy notices.
- Third-Party Recipients of Customer Lists. We may make our customer list (including names, customer identification, mailing addresses, email addresses, and phone numbers) available to third-party service providers assisting us with marketing efforts. The marketing service providers are part of the (a) information industry, information services sector, and the data processing subsector, (b) professional services industry, advertising sector, and advertising agency subsector, (c) professional services industry, advertising sector, and media representation subsector, or (d) professional services industry, advertising sector, and market research subsector. Such marketing service providers are located in the U.S.
- Third-Party Service Providers, Partners, Suppliers, and Subcontractors that Perform Services on Our Behalf. We may share personal data with third-party service providers, partners, suppliers, and subcontractors that perform services on our behalf, including but not limited to services in the areas of billing and payment processing, marketing, advertising, data analysis and insight, research, web hosting, technical support, customer service, shipping and fulfilment, printing, data storage, security, fraud prevention, and legal services. Such third-party service providers, partners, suppliers, and subcontractors are or may operate in varying industries, sectors, and subsectors, and are or may be located in countries around the world.
- Governmental Entities and Third Parties in Connection with Legal Matters. We may disclose personal data to governmental entities, such as regulatory agencies, law enforcement, and judicial authorities, as well as other third parties under any of the following conditions: (a) if we have your valid consent to do so; (b) to comply with a valid subpoena, legal order, court order, warrant, legal process, or other legal obligation, including to meet national security or law enforcement requirements; (c) to enforce or apply any of our terms and conditions, policies, or other agreements; (d) to exchange information with other companies and organizations for the purposes of fraud protection and credit risk reduction; or (e) as necessary to pursue available legal remedies or defend legal claims. The governmental entities may include courts, regulatory agencies, law enforcement agencies, security or intelligence agencies, or any other government entities with lawful authority to compel the transfer of your personal data. The governmental entities are part of the public sector, and will be engaged in law enforcement, adjudication, intelligence, and/or other regulatory activities. The third parties could be law firms, expert witnesses, compliance consultants, or other third parties in any relevant industry in connection with legal matters. The governmental entities or third parties involved with legal matters could be located in any country or region where CSI does business, including but not limited to the European Union, Australia, Canada, China, the United States, and Vietnam.
- Third Parties in Connection with a Potential Reorganization. We may share personal data with a prospective seller or buyer in the event of a potential reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of CSI’s assets or stock, including, without limitation, in connection with any bankruptcy or similar proceeding. The third-party sellers or buyers could be part of any industry and located in any country.
VI. Cookies & Similar Technologies
As you interact with our Sites, we, with assistance from third-party analytics service providers, collect personal data pertaining to your use of our Sites and the devices and programs from which you access our Sites (“Usage Data”) using cookies and similar technologies.
- What are cookies?
Cookies are small files sent or accessed from your browser on the hard drive of your computer, mobile device, or tablet that contain information about your computer, such as your user ID, user settings, browsing history, and activities conducted while browsing websites (e.g., pages viewed, navigation around a Site, and products purchased). Cookies are used to “remember” when your computer or devices access our Sites.
If you withdraw your consent to cookies, you may lose some saved information (e.g., saved login details, site preferences), some services and functionalities may not work properly at all (e.g., profile logging-in), and you may have to manually adjust some preferences every time you visit a site/page. Cookies that are required to enable core site functionality cannot be disabled without causing substantial site functionality issues.
VII. Interest-Based Advertising
CSI works with third parties engaged in advertising (“Advertising Partners”), including Social Media Providers and search engines, such as Google (e.g., Google Ads, Google Analytics), or Meta (Meta Pixel) who serve or send advertisements on our behalf and assist us in delivering more relevant advertising to you. These Advertising Partners may place or recognize a cookie or similar technology on your computer, device, and collect information, such as Usage Data and aggregated demographic or shopping information. We may share personal data (such as your IP address) with such third parties, who may link this information to cookies and other proprietary identification, which are used for purposes of predicting your preferences and sending interest-based advertising in order to show you ads that are anticipated to be of interest to you. These third parties may use this information to recognize you across different channels and platforms over time to assist us with our operations including for advertising, analytics, attribution, and reporting purposes. These third-party Advertising Partners are responsible for all processing of personal data that they conduct as Controllers, including any international transfers of personal data.
VIII. Third-Party Privacy Practices
Our Sites may provide links to other third-party Internet websites as a service to you. We are not responsible for the privacy practices of such other third-party Internet websites. If you link to such a site through our Sites, you should always review any privacy notice that is available for that site.
IX. Cross-Border Transfers of Personal Data
When you use our Sites or we otherwise receive your personal data, your personal data may be stored on servers located outside of the country of your residence. Your personal data may be transferred to and processed by CSI, CSI affiliates, and CSI’s third-party service providers, partners, suppliers, and subcontractors in the United States and abroad. The data protection and privacy laws of the United States and other countries may not be as comprehensive as the laws of your country. For example, personal data transferred to the United States may be subject to lawful access requests by U.S. federal and state authorities. For transfers of United Kingdom and European Union personal data to service providers and other parties in the United States, which has not been deemed to provide an adequate level of data protection for personal data by relevant regulatory authorities, CSI will rely on Standard Contractual Clauses as the lawful transfer mechanism to support such transfers.
X. Children’s Privacy
Our Sites are not directed to individuals under the age of 13. We do not knowingly collect or use any personal information from users under 13 years of age. No personal information should be submitted to our Sites by visitors under 13 years of age. If we learn that we have collected personal information from someone under 13, we will take steps to delete the personal information as soon as possible.
XI. Retention of Personal Data
CSI will retain your personal data for the time period necessary to fulfill the purposes for which your personal data was originally collected or received and to meet our legal obligations.
XII. Protecting Your Personal Data
We implement technical and organizational measures designed to assist in maintaining the security and confidentiality of personal data; safeguarding against anticipated threats to the confidentiality, integrity, and availability of personal data; and protecting your personal data against accidental or unlawful destruction, loss, alteration, and unauthorized access or disclosure.
However, whenever personal data is processed, there is always a risk that such information could be lost, misused, modified, hacked, breached, and/or otherwise accessed by an unauthorized third party. No system or online transmission of data is completely secure. In addition to the technical and organizational measures that we have in place to protect your personal data, you should use appropriate security measures to protect your personal data. If you believe that any personal data you provided to us is no longer secure, please notify us immediately by phone (704)843-9292; or by email at Compliance@CSI.com.
XIII. Personal Data Rights
If you reside in the European Union or the United Kingdom, you have the following rights under the General Data Protection Regulation (“GDPR”) or the UK GDPR (as applicable) regarding the processing of your personal data:
- Right of Access. You have the right to receive a copy of the personal data that we hold about you.
- Right to Rectification. You have the right to correct or complete any inaccurate or incomplete personal data that we hold about you.
- Right to Erasure. In certain circumstances, you have the right to request that we erase the personal data that we hold about you.
- Right of Data Portability. In certain circumstances, you have the right to request that we supply you with the personal data that we hold about you in a structured, commonly used and machine-readable format and/or, where technically feasible, to transmit such personal data to another organization.
- Right to Restrict Processing. In certain circumstances, you have the right to restrict our processing of the personal data that we hold about you.
- Right to Lodge a Complaint with a Supervisory Authority. You have the right to lodge a complaint with the relevant supervisory data protection authority. If you reside in the European Economic Area, you may lodge a complaint with the supervisory authority in the Member State where you live or work or in the location of an alleged GDPR infringement. If you reside, work, or believe you have experienced a privacy infringement in the United Kingdom, you may lodge a complaint with the UK Information Commissioner’s Office.
- Right to Withdraw Consent. If our lawful basis for processing your personal data is your consent, you have the right to withdraw your consent at any time.
- Right to Object. You have the right to object to the processing of your personal data for certain purposes, including:
- Processing for Direct Marketing Purposes. The right to object to the processing of your personal data for direct marketing purposes, including profiling related to direct marketing; and
- Processing for Legitimate Interests. The right to object to the processing of your personal data that is based on our or a third party’s legitimate interests, including profiling related to such legitimate interests.
XIV. Other Rights
XV. Methods of Exercising Privacy Rights
- Withdrawal of Consent. You may withdraw your consent at any time by (1) clicking on any unsubscribe link that we provide (e.g., withdrawing from receiving marketing emails); (2) withdrawing your consent to cookies [This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors]; or (3) emailing Compliance@CSI.com, without affecting the lawfulness of processing based on consent before its withdrawal.
- Other Methods to Exercise Privacy Rights. You may submit requests to exercise your privacy right(s) by:
- Calling us at (704)843-9292; or
- Emailing us at Compliance@CSI.com.
- Submission Contents. Requests to exercise your privacy right(s) should include the following information:
- Your name;
- The country in which you currently reside;
- Which privacy right(s) you are exercising;
- Details that will assist us in responding to your request, including:
- If you are exercising access rights, the information to which you are requesting access;
- If you are exercising deletion rights, the information for which you are requesting deletion;
- Any other relevant information about your personal data and/or the right you are exercising; and
- A phone number and/or email address at which we can reach you.
XVI. Data Controller
Personal data used by CSI for its business purposes, as well as personal data collected by and on behalf of CSI, is controlled by Component Sourcing International, which is located at the following address:
1301 Westinghouse Blvd
Charlotte, NC 28273
Telephone contact: (704) 843-9292
XVIII. How to Contact Us