CTSI-Global helps shippers and 3PLs to manage and control all aspects of their supply chains – physical, informational and financial – with customized SaaS solutions in one global database. In the day to day running of the business, it collects personal data solely for the purposes of communication with clients, to maintain smooth operations of the agreed business purposes.
At CTSI-Global we have a diverse client base, so looking after your information and protecting your privacy is extremely important to us. We are committed to providing you with the best possible service. Every company and organization that processes or stores personal information belonging to EU Data Subjects is responsible for complying with the new privacy regulations (GDPR / AVG) which began on 25 May 2018.
Consequently, CTSI-Global is considered a Processor of EU personal data as defined in the new GDPR privacy regulations. Therefore, CTSI-Global has a statutory and contractual obligation to comply with the GDPR from 25 May 2018.
This obligation includes, amongst other obligations, to:
- Store and process freight payment data for your company for the execution of the contractual obligations to your company, and never provide or give access to the data to any third party without the express prior approval of your company;
- Maintain and improve a documented security program, as specified in the written agreement between CTSI-Global and your company (the “Services Contract”), that specifies the technical, administrative, organizational, and physical safeguards to be utilized in order to prevent your company data from any unauthorized access, copying, publication, modification, etc.;
- On request of your company provide documented evidence of our security program, of recurring evaluations of the security program, and/or of improvements to our security program;
- Cooperate with your company to resolve any gaps in the security program utilized for the Services Contract that pose a significant risk to the security of personal data stored in the systems provided for your company, or that violate any of the rules of the GDPR as they relate to the data stored in the systems provided for your company. Work with your company to remove outdated, deprecated, and unsupported technologies involved in processing personal data for your company, or to replace these with current state of the art technologies as mutually agreed upon in writing between CTSI-Global and your company;
- Have a system in place to identify information security incidents, have a documented security incident response plan, a clear procedure to inform your company of any data breach (incidents that violate the availability, integrity, and confidentiality of personal data) to notify your company of a data breach according to the terms of the Services Contract;
- Restore personal data in a timely manner, in the event of an incident affecting the data, as per the Services Contract;
- At the direction of your company, delete and/or correct the data, and provide support to your company in order to enable your company to provide an overview of the stored data on specific request of the individual;
- At the direction of your company, delete all personal data in case storage or processing is no longer necessary, for example, in case the Services Contract was terminated; and
- Cooperate with any audit related to the Services Contract, in order to prove compliance with the GDPR privacy regulations and the obligations stated in this letter.
We are committed to keeping your personal data safe and have a range of technical and operational security measures in place to protect the personal information we hold.
If you would like to contact us about anything in this GDPR Policy, you can email firstname.lastname@example.org.