1. Introduction

Crown Worldwide Holdings Limited (“Crown”) has developed this Privacy Policy out of respect for the privacy preferences and  choices of our customers and prospects. We have established procedures to ensure that every reasonable effort is made to  address your concerns. Crown, its subsidiaries and affiliates provide services to corporations, individuals and their family members. To provide the  contracted services, Crown needs to collect and process personal data. This Privacy Policy describes Crown’s policies and practices regarding how we collect and process your personal data and sets  forth your privacy rights. We may update this Privacy Policy as we adopt new privacy practices.

 2. Data Protection Officer

Crown has appointed an internal data protection officer for you to contact if you have any questions or concerns about Crown’s  personal data policies or practices. Crown’s data protection officer’s name and contact information are as follows:
Gary Maguire
Chief Risk Officer
Crown Worldwide Group
Phone: +1 714 655 1566
Email: dpo@crownww.com

 3. How we collect and use (process) your personal information

We collect personal information on our customers to provide services to them. Crown only collects personally identifiable  information about individuals when such individuals specifically provide such information to Crown on a voluntary basis or while  requesting information on Crown’s services. For example, an online service request requires the collection of personal data for  us to respond promptly and correctly to the service request.
Crown collects personal information about its customers and prospective customers. The personal information collected is  limited to what is necessary to provide the services requested by the customer: first name, last name, employer name, home  address, email address, phone number, biographical information, and in some cases passport details and financial information.  We use this information specifically to provide the services requested by our customers. We do not sell personal information to  anyone and only share the personal information with third parties who are directly assisting Crown in delivering the requested  services.

 4. Use of Crown websites

As is true of most websites, Crown’s websites collect certain information automatically to maintain optimum performance. The  information may include internet protocol (IP) addresses, the country or general location where your computer or device is  accessing the internet, browser type, operating system, and other information about the use of Crown’s website, including a  history of the pages you view. We use this information to help us design our site to better suit our customers’ needs. We may  also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor  movements, and gather broad demographic information that assists us in identifying visitor preferences. Crown’s website also  uses cookies and web beacons. For more information about cookies, please visit allaboutcookies.org. Crown uses third-party  providers to help manage and maintain the security and performance of our websites, therefore some information is collected  and processed on all visitors to our website by our third-party providers. The third-parties also help Crown in generating reports  about trends of visitors to our websites.
When individuals voluntarily submit their personal details to Crown via our website or other means to receive quotes for our  services or subscribe to marketing information from Crown, those personal details submitted to Crown are processed by third  parties on behalf of Crown to respond to the inquiries or requests. Crown may sometimes engage third parties to mail responsive information to customers who request Crown’s services, newsletters, white papers, and other information about  Crown and its services. Any third-party providing such services for Crown has contractually committed to use the data only for  the intended purpose and has agreed to securely process the data.
Crown’s websites may contain links to other sites. Crown is not responsible for the privacy practices or the content of such  linked websites. Users should check the applicable Privacy Policy of such websites when providing personally identifiable  information on those linked websites. Crown does not track users when they cross to third-party websites.

 5. When and how we share information with others

The personal information Crown collects from you may be stored in one or more encrypted databases hosted in the  Netherlands, Hong Kong, or the United States. For email and other related services, Crown uses established third-party cloud  service providers who do not use or have access to your personal information.
Due to the nature of Crown’s business, we use qualified Service Partners to provide some of the services requested by our  customers. For those third parties to be able to provide the services, Crown must transfer your personal data to the Service  Partner on a need-to-know basis. We will not share more information with the third-party than they require to deliver the  service. Third parties are contractually obliged to protect your data in a secure manner at all times. We remain responsible for  the handling of your personal information by those third parties as provided in the EU (European Union) and UK GDPR (General  Data Protection Regulation) Framework Principles, including the Supplemental Principles. If you request Crown to provide  immigration or cross-border services on your behalf, Crown may need to provide your personal information to those necessary  and responsible government agencies to deliver the service successfully.

6. Transferring personal data outside of the European Economic Area

Information we collect from you will usually be processed in the country or countries in which the service you requested will be  provided. At other times, we may need to transfer the data to Crown affiliates in countries outside of the European Economic  Area to generate management information. Crown transfers personal data only with your consent; to fulfil the contract with  you; or to fulfill a compelling legitimate interest of Crown in a way that does not outweigh your rights and freedoms. Crown  endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Crown and the practices described in this Privacy Policy including the usage of the GDPR Standard  Contractual Clauses with our Service Partners. Crown also minimizes the risk to your rights and freedoms by not collecting,  storing, or transferring more information than needed to provide your requested service.

7. Security of your information

To help protect the privacy of data and personally identifiable information you transmit through this site, we maintain physical,  technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to  your personal data only to those employees who need to know that information to provide services to you. In addition, we  regularly train our employees in the importance of confidentiality and maintaining the privacy and security of your information.  We will also take appropriate disciplinary measures to ensure Crown staff protect personal data.

8. Data storage and retention

Your personal data is stored by Crown on its servers, and on the servers of the cloud-based services Crown engages. Unless your  contract or the law provides otherwise, Crown will not retain your data for longer than seven years.
9. Data subject rights
This Privacy Policy is intended to provide you with information about the personal data Crown collects about you and how it is  used. If you have any questions, please contact our Data Protection Officer.
If you wish to confirm that Crown is processing your personal data, or to have access to the personal data Crown may have  about you, please contact our Data Protection Officer.
Crown’s customers always have a choice to consent or not consent to the sharing of their information with third parties. Crown  only processes the information for a specific purpose and according to the consent given by the individual.
You will always have the right to access, review, and correct any personal information that we may have collected about you. An  individual who seeks access to, or who seeks to correct, amend, or delete inaccurate information in Crown’s possession should contact Crown, and Crown will review and make corrections accordingly. For more information on where and for how long your personal data is stored, and for more information on your rights of erasure and portability, please contact Crown’s Data  Protection Officer.

10. Independent recourse mechanism for privacy complaints

Crown also agrees to cooperate with the EU and UK Data Protection Authorities (DPAs) and the Swiss Federal Data Protection  and Information Commissioner (FDPIC) for complaints involving the collection of personal data.

1. Changes and updates to the Privacy Policy

The foregoing policy is revised and effective as of December 1st, 2023. Crown reserves the right to change this policy at any time  by notifying users of the existence of a new Privacy Policy. This policy is not intended to create any contractual or other legal  rights in or on behalf of any party.
As our organization practices may change, this Privacy Policy is expected to change too. We reserve the right to amend the  Privacy Policy at any time, for any reason, without notice to you, other than the posting of the amended Privacy Policy on our  websites.

11.Questions, concerns or complaints

Please contact Crown’s Data Protection Officer:
Gary Maguire
Chief Risk Officer
Crown Worldwide Group
Phone: +1 714 655 1566
Email: dpo@crownww.com

12.Non-Compliance

Any employee who violates this policy shall be subject to disciplinary action, up to and including termination of employment.

13.Further Information

Employees should contact their Regional IT Manager or the Data Protection Officer with any questions or clarifications regarding  this policy. Regional IT Managers should contact the Chief Privacy Officer with any questions or clarifications regarding this  policy.

14.Review Schedule

This policy must be reviewed at least annually. The policy review process is managed by the Chief Risk Officer and approved by  Group Vice President of IT.

15. Change Control

1.2 Gary Maguire Removal of Privacy Shield 01 Dec 2023
1.1 Chris Davis-Pipe Regular Review – No Change 29 Apr 2022
1.1 Chris Davis-Pipe Update CRO to Gary Maguire 15 Jun 2021
1.0 Chris Davis-Pipe Regular Review – No Change 30 Apr 2020
1.0 Wincey Chek Regular Review – No Change 10 May 2019
1.0 Philip Poon Initial Draft 07 May 2018