Whether you’re a Client, vendor, or business partner this notice explains how and why we collect and use individuals’ data. It also outlines your rights on how to obtain, review, or withdraw your data. We may change this Privacy Notice from time to time. Any such changes will be posted on this page and any material changes will be made prominent. We encourage you to review this page from time to time.
Our Cookie Policy explains why and how we use cookies, including types of cookies, and how to manage your own cookie preferences.
Contact Us:
For questions, including correction requests, access requests, and complaints, please contact penny@cgp.llc. For all other queries please click here.
1. Privacy Notice
This Privacy Notice is applicable to the processing of all personal data of Business Contacts of CGP Group and Criser, Gough and Parrish, LLC (together ‘CGP’) or Criser & Mardis, Chartered. ‘Business Contact’ or ‘you’ means each individual whose personal data is processed by CGP in the scope of delivering services to clients, recipients of commercial messages for CGP, receiving services from vendors, and providing services together with business partners. This includes people working at CGP as consultants or employees of third parties providing services to CGP.
CGP is the controller of your personal data as described in this Privacy Policy. The contact details of CGP can be found at the CGP website.
2. Use of your information
2.1. When you visit or submit inquiries from cgp.llc or criser.com, you may be asked to provide certain information about yourself including your name and contact details. We may also collect information about your usage of our website as well as information about you from messages you post to the website and email or letters you send to us. CGP protects your personal data in line with applicable laws and our data privacy policies. We also take appropriate technical and organizational measures to protect your data against unauthorized or unlawful processing, and against accidental loss, destruction, damage, alteration, disclosure or access. Your information may also be used for:
3. Type of personal data we may collect
3.1. The below overview contains the categories of personal data processed by CGP for the purposes described in this Privacy Policy.
3.2. In the course of your business relationship with CGP, CGP may need to collect certain data viewed as ‘sensitive’ because they reveal intimate characteristics, such as religion, ethnicity, criminal acts, or health. Such sensitive data shall only be used within the strict limits set out by applicable local law. Such sensitive data processing activities conducted by CGP may, in accordance with applicable local requirements, include the following:
3.3. CGP will usually obtain personal data from you directly or via the relevant client, vendor, or business partner. Your personal data may also be obtained by CGP via public sources, including sanction lists, trade registers and online social media like LinkedIn.
4. How long do we use your information?
4.1. In general, CGP will retain your personal data for the duration of your business relationship with CGP (e.g. during the time CGP services are delivered to your employer and you are our Business Contact or during the time that CGP sends you commercial messages you are interested in, such as newsletters) and with a maximum of 36 months thereafter.
4.2. CGP deviates from these retention periods if your personal data is relevant for legal obligations. In such cases, CGP will retain your personal data for the period as required by that legal obligation (e.g. for the time CGP needs to keep a record of its financial transactions based on tax legislation for the time CGP needs to keep a record of its activities in the scope of screening against publicly available sanction lists).
4.3. CGP will also deviate from these retention periods if CGP has a pressing interest to keep your personal data longer (e.g. in case of ongoing or expected litigation).
5. Disclosure of personal information
5.1. Access to your personal data is only authorized to the extent such access is necessary to serve the intended purpose and for the respective staff to perform their job. Those that are authorized to access your personal data may include the CGP point of contact and CGP personnel.
5.2. From time to time, CGP may need to make personal data available to unaffiliated third parties, such as service providers (companies that provide products and services to CGP such as payment providers, IT systems suppliers), professional advisors (such as accountants, auditors, or lawyers), public and governmental authorities (entities that regulate or have jurisdiction over CGP such as regulatory authorities, law enforcement, public bodies and judicial bodies), or in the context of corporate transactions (in connection with any proposed or actual reorganization, merger or sale). CGP will put in place agreements with third party service providers and professional advisors to protect your data protection interests.
5.3. Due to the nature of CGP’s operations, CGP needs to disclose personal data to its own personnel and departments. Some of the unaffiliated third parties may also be located outside of your home jurisdiction. Where such data transfer takes place in a country that has a different data protection regime, CGP will ensure that the international data transfer will not negatively affect the level of protection of your personal data. Where required, CGP will inform you of any additional details on the international data transfer.
5.4. In case the recipient of the personal data is based outside the EEA in a country that is not considered to have a level of data protection adequate to the EU, CGP will ensure that this transfer is based on appropriate safeguards including EU Model Clauses or Binding Corporate Rules.
6. Security
6.1. CGP will take appropriate technical, physical, and organizational measures to protect personal data from misuse or accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure acquisition or access, that are consistent with applicable privacy and data security laws and regulations. This will include requiring service providers to use appropriate measures to protect the confidentiality and security of personal data.
7. Access and updating
7.1. You have the right to request an overview of your personal data processed by or on behalf of CGP. If the personal data is incorrect, incomplete, or not processed in compliance with applicable law, you have the right to have this personal data rectified, deleted, or restricted (all as appropriate). You also have the right to object to the processing of your personal data (as appropriate). You can exercise your right by contacting the CGP at penny@crisergoughparrish.com. If you currently receive marketing emails from us, you can manage your subscription by clicking on the “Manage Communication Preferences” links contained within our emails. Alternatively, please contact penny@crisergoughparrish.com with your request.
7.2. For data protection or privacy-related complaints, you also have the right to file a complaint with the applicable supervisory authority.
7.3. If the processing of your personal data was based on consent, you have the right to withdraw such consent at any time. Such withdrawal will not affect the lawfulness of the processing based on consent before the withdrawal.
7.4. If you are based in the EU, you also have the right to data portability, meaning that a copy of your personal data provided by you to CGP will, at your request, be transferred to you in a common machine-readable format or transmitted to a third party without hindrance.
Schedule a time to discuss your business needs, timelines, and goals. We’ll create a plan that can best help you meet them.