1. Introduction
Crown Worldwide Holdings Limited (“Crown”) has developed this Privacy Policy out of respect for the privacy preferences and choices of our customers and prospects. We have established procedures to ensure that every reasonable effort is made to address your concerns. Crown, its subsidiaries and affiliates provide services to corporations, individuals and their family members. To provide the contracted services, Crown needs to collect and process personal data. This Privacy Policy describes Crown’s policies and practices regarding how we collect and process your personal data and sets forth your privacy rights. We may update this Privacy Policy as we adopt new privacy practices.
2. Data Protection Officer
Crown has appointed an internal data protection officer for you to contact if you have any questions or concerns about Crown’s personal data policies or practices. Crown’s data protection officer’s name and contact information are as follows:
Gary Maguire
Chief Risk Officer
Crown Worldwide Group
Phone: +1-332-225-0850
Email: dpo@crownww.com
3. How we collect and use (process) your personal information
We collect personal information on our customers to provide services to them. Crown only collects personally identifiable information about individuals when such individuals specifically provide such information to Crown on a voluntary basis or while requesting information on Crown’s services. For example, an online service request requires the collection of personal data for us to respond promptly and correctly to the service request.
Crown collects personal information about its customers and prospective customers. The personal information collected is limited to what is necessary to provide the services requested by the customer: first name, last name, employer name, home address, email address, phone number, biographical information, and in some cases passport details and financial information. We use this information specifically to provide the services requested by our customers. We do not sell personal information to anyone and only share the personal information with third parties who are directly assisting Crown in delivering the requested services.
4. Use of Crown websites
As is true of most websites, Crown’s websites collect certain information automatically to maintain optimum performance. The information may include internet protocol (IP) addresses, the country or general location where your computer or device is accessing the internet, browser type, operating system, and other information about the use of Crown’s website, including a history of the pages you view. We use this information to help us design our site to better suit our customers’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. Crown’s website also uses cookies and web beacons. For more information about cookies, please visit https://allaboutcookies.org. Crown uses third-party providers to help manage and maintain the security and performance of our websites, therefore some information is collected and processed on all visitors to our website by our third-party providers. The third-parties also help Crown in generating reports about trends of visitors to our websites.
When individuals voluntarily submit their personal details to Crown via our website or other means to receive quotes for our services or subscribe to marketing information from Crown, those personal details submitted to Crown are processed by third parties on behalf of Crown to respond to the inquiries or requests. Crown may sometimes engage third parties to mail responsive information to customers who request Crown’s services, newsletters, white papers, and other information about Crown and its services. Any third-party providing such services for Crown has contractually committed to use the data only for the intended purpose and has agreed to securely process the data.
Crown’s websites may contain links to other sites. Crown is not responsible for the privacy practices or the content of such linked websites. Users should check the applicable Privacy Policy of such websites when providing personally identifiable information on those linked websites. Crown does not track users when they cross to third-party websites.
5. When and how we share information with others
The personal information Crown collects from you may be stored in one or more encrypted databases hosted in the Netherlands, Hong Kong, or the United States. For email and other related services, Crown uses established third-party cloud service providers who do not use or have access to your personal information.
Due to the nature of Crown’s business, we use qualified Service Partners to provide some of the services requested by our customers. For those third parties to be able to provide the services, Crown must transfer your personal data to the Service Partner on a need-to-know basis. We will not share more information with the third-party than they require to deliver the service. Third parties are contractually obliged to protect your data in a secure manner at all times. We remain responsible for the handling of your personal information by those third parties as provided in the EU (European Union) and UK GDPR (General Data Protection Regulation) Framework Principles, including the Supplemental Principles. If you request Crown to provide immigration or cross-border services on your behalf, Crown may need to provide your personal information to those necessary and responsible government agencies to deliver the service successfully.
Crown is subject to requirements to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
6. Transferring personal data outside of the European Economic Area
Information we collect from you will usually be processed in the country or countries in which the service you requested will be provided. At other times, we may need to transfer the data to Crown affiliates in countries outside of the European Economic Area to generate management information. Crown transfers personal data only with your consent; to fulfil the contract with you; or to fulfill a compelling legitimate interest of Crown in a way that does not outweigh your rights and freedoms. Crown endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Crown and the practices described in this Privacy Policy including the usage of the GDPR Standard Contractual Clauses with our Service Partners. Crown also minimizes the risk to your rights and freedoms by not collecting, storing, or transferring more information than needed to provide your requested service.
7. Security of your information
To help protect the privacy of data and personally identifiable information you transmit through this site, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data only to those employees who need to know that information to provide services to you. In addition, we regularly train our employees in the importance of confidentiality and maintaining the privacy and security of your information. We will also take appropriate disciplinary measures to ensure Crown staff protect personal data.
8. Data storage and retention
Your personal data is stored by Crown on its servers, and on the servers of the cloud-based services Crown engages. Unless your contract or the law provides otherwise, Crown will not retain your data for longer than seven years.
9. Data subject rights
This Privacy Policy is intended to provide you with information about the personal data Crown collects about you and how it is used. If you have any questions, please contact our Data Protection Officer.
If you wish to confirm that Crown is processing your personal data, or to have access to the personal data Crown may have about you, please contact our Data Protection Officer.
Crown’s customers always have a choice to consent or not consent to the sharing of their information with third parties. Crown only processes the information for a specific purpose and according to the consent given by the individual.
You will always have the right to access, review, and correct any personal information that we may have collected about you. An individual who seeks access to, or who seeks to correct, amend, or delete inaccurate information in Crown’s possession should contact Crown, and Crown will review and make corrections accordingly. For more information on where and for how long your personal data is stored, and for more information on your rights of erasure and portability, please contact Crown’s Data Protection Officer.
10. EU-U.S. Data Privacy Framework (DPF), UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF
Crown has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Crown has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The list of U.S. entities of The Crown Worldwide Group which adhere to the EU-W.S. DPF Principles, including as applicable under the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF Principles are:
• Crown World Mobility
• Crown Relocations
• Crown Fine Art
• Crown Records Management
• Crown Logistics
• Crown Workspace
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Crown commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Crown commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to IRM ICDR-AAA (https://go.adr.org/dpf_irm.html), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of IRM ICDR-AAA are provided at no cost to you.
Crown is subject to the investigatory and enforcement powers of the Federate Trade Commission (FTC) and/or the U.S. Department of Transportation (DOT).
Under certain conditions, Crown is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPR Principles, provided that an individual has invoked binding arbitration by delivering notice to Crown Worldwide Group and following the procedures and subject to conditions set forth in Annex I of Principles. For more information please visit: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.
11. Independent recourse mechanism for privacy complaints
Crown also agrees to cooperate with the EU and UK Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) for complaints involving the collection of personal data.
12. Questions, concerns or complaints
Please contact:
Gary Maguire
Chief Risk Officer
Crown Worldwide Group
Phone: +1-332-225-0850
Email: dpo@crownww.com
13. Non-Compliance
Any employee who violates this policy shall be subject to disciplinary action, up to and including termination of employment.
14. Further Information
Employees should contact their Regional IT Manager or the Data Protection Officer with any questions or clarifications regarding this policy. Regional IT Managers should contact the Chief Privacy Officer with any questions or clarifications regarding this policy.
15. Review Schedule
This policy must be reviewed at least annually. The policy review process is managed by the Chief Risk Officer and approved by Group Vice President of IT.
The foregoing policy is revised and effective as of November 1st, 2024. Crown reserves the right to change this policy at any time by notifying users of the existence of a new Privacy Policy. This policy is not intended to create any contractual or other legal rights in or on behalf of any party.
As our organization practices may change, this Privacy Policy is expected to change too. We reserve the right to amend the Privacy Policy at any time, for any reason, without notice to you, other than the posting of the amended Privacy Policy on our websites.
16. Change Control
1.3 Gary Maguire Addition of EU-U.S. Data Privacy Framework (DPF), UK Extension to the EU-U.S. DPF, and the Swiss-U.S.DPF requirements
1.2 Gary Maguire Removal of Privacy Shield 01 Dec 2023
1.1 Chris Davis-Pipe Regular Review – No Change 29 Apr 2022
1.1 Chris Davis-Pipe Update CPO to Cary Maguire 15 Jun 2021
1.0 Chris Davis-Pipe Regular Review – No Change 30 Apr 2020
1.0 Wincey Chek Regular Review – No Change 10 May 2019
1..0 Philip Poon Initial Draft 07 May 2018