Platform/System Terms and Conditions Requirements

    You may not include in the comments text field box (i) Credit Suisse confidential information, (ii) offensive or inflammatory speech, (iii) information that could directly or indirectly identify past, present or potential Credit Suisse clients and/or (iv) sensitive information concerning Credit Suisse  employees. For additional information, please refer to Information Ownership Classification and Handling (GP-00277) and Client Data Confidentiality/Data Protection/Privacy (GP-00087)). If you are unsure about this requirement, please consult your local General Counsel contact before posting the information.

    Long Term Service Award Waiver

     

    1. Purposes and legal basis for processing Your Personal Data

     

    By consenting below you agree that Credit Suisse collects and further processes Employee ID, Name, Email, Service Anniversary Date, and Personal Address (“Your Personal Data”) in order to provide gifts to employees to reward long-term service (“Purpose”).

     

    Credit Suisse is relying on your consent as the lawful basis for processing Your Personal Data. The consent given can be withdrawn at any time. Please note that the withdrawal only applies to the future processing activities of Your Personal Data and does not affect the legality of data processed prior to withdrawal.

     

    The data controller is your employer.

     

    1. Recipients of Your Personal Data

     

    Your Personal Data may be accessed by Credit Suisse HR employees for the Purpose enumerated above.

     

    Credit Suisse may also transfer Your Personal Data to third-party providers with Scarborough and Tweed (USA), who are bound by contractual data confidentiality measures, that assist Credit Suisse in providing services in pursuance of the Purpose. To fulfil the Purpose described above, Your Personal Data might be transferred outside of the country where you reside, which may be in a country that does not afford the same level of privacy protection as the country where you reside/booked Credit Suisse services. However Credit Suisse uses the following measures to protect the safety of your Personal Data. Credit Suisse staff and third parties are obligated to treat the Personal Data provided to them in accordance with Credit Suisse’s standard terms of use and global policy requirements that were established in accordance with applicable privacy laws and regulations, as well as all procedures, laws and regulations to which Credit Suisse is subject to. Credit Suisse contractually requires vendors to adhere to standards of protection that are at least as protective as outlined herein with respect to the protection of Your Personal Data. The protection and security of Your Personal Data has been, and always will be, of paramount importance to Credit Suisse.

     

    Credit Suisse will process Your Personal Data to the extent necessary to achieve the Purpose specified above and to the extent permissible by law.

     

    1. The period for which Your Personal Data will be stored

     

    Credit Suisse will retain Your Personal Data subject to any legally required measures or policies that require updating, reconfirmation or deletion.

     

    1. Your rights

     

    If you:

    1. have any questions about the way that we collect and use your Personal Data;
    2. want to withdraw your consent;
    3. wish to make a complaint in relation to the use of Your Personal Data; or
    4. wish to exercise your potential rights regarding access to the data, rectification, opposition, restriction of processing, portability and/or deletion.

     

    please contact the Credit Suisse Group Data Protection Officer at data.protection@credit-suisse.com.

    We will respond to your request/complaint within the timeframe specified in any applicable law, or otherwise within a reasonable time. By clicking “I consent” below you agree that Your Personal Data may be processed for the purposes described above.

     

    If you indicate "I do not consent", above or withdraw your consent at a later time, you acknowledge that Credit Suisse may be unable to fulfil the Purpose enumerated above.

     

    Privacy Policy

    This Privacy Policy is designed to help you better understand how we collect, use, and protect your personal data.

    We at Scarborough & Tweed know our users care about how their personally identifiable information ("Information") is used and we take your privacy seriously. This Privacy Policy ("Policy") describes how we collect and use Information when you use our e-commerce services (Service).

    We obtain personal information from various sources. You provide some of it directly (such as by registering for an Account). Or your Account data may be pre-loaded to our sites by our tech team.

    If you have an account, we may collect information from you, such as your physical address and phone number, so that we may provide Services to you. If you are paying for the Service, standard payment and billing information is required. We do not require users to provide their race, ethnicity, medical information, SSN, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual orientation or criminal record in their account.

    Whenever you interact with our Service, we automatically receive and record technical information such as your device, IP address, "cookie" information, the version of your operating system ("OS"), and the page you requested. When you use the Service on a mobile platform, we may also collect and record your unique device ID (persistent / non-persistent), hardware type, media access control ("MAC") address, international mobile equipment identity ("IMEI"), your device name, and your location (based on your IP address). We may also collect information regarding your activity on the Service (both individually and on an aggregate basis) and your interactions with other users of the Service.

    The following is a summary of specific ways we may use your personal information:

    • To provide payment processing and account management, operate, measure and improve our Services, keep our Services safe, secure, and operational, and customize Website content.
    • To contact you regarding your account, to respond to your requests or questions, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed or as otherwise necessary to provide you customer service.
    • To send you transactional communications. For example, we might send you emails about your purchase.
    • To provide other services requested by you as described when we collect the Information.
    • To improve our Services, for example by reviewing information associated with stalled or crashed pages experienced by users allowing us to identify and fix problems and give you a better experience.
    • For security purposes. To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities and/or attempts to harm our users.
    • To monitor and improve the information security of our websites.

    We reserve the right to access, read, preserve, and disclose any Information that we reasonably believe is necessary to comply with law or court order.

    All systems at BrightSites, our e-commerce platform provider, are hosted on the Google Cloud Platform. Google Cloud offers unsurpassed security, reliability, and redundancy ensuring that all store, user, order, and account data is protected. This is done in part with Google’s end-to-end security model and multi-layered infrastructure. Data is encrypted in transit and at rest using HTTPS protocol. BrightStores maintains firewalls, a full threat management suite, and a security team delivering true defense in depth and at scale. When it comes to preventing the threat of distributed denial of services (DDoS) attacks, BrightSites utilizes Google Cloud Armor. Google Cloud Armor provides defense at scale using Google’s global infrastructure and security systems.

    PCI DSS (Payment Card Industry Data Security Standard) is a set of network security and business guidelines adopted by the PCI Security Standards Council to protect customer’s payment card information and personal data. All of our websites on the BrightSites e-commerce platform are PCI Compliant. To keep its PCI Compliance status, BrightSites regularly maintains a highly secure system environment. For Network Security, all systems at BrightSites, are built with security as a core design and development requirement. Secure architecture includes access control, multi-factor authentication, encryption, and state-of-the-art defenses against cyber attacks. For secure credit card processing, all BrightSites company stores that accept credit cards as payments follow strict security guidelines. Credit card data never reaches the BrightSites systems and is securely redirected via iframe and tokenization. BrightSites proactively regularly tests and improves networks and systems. Vulnerability scans, internal and external penetration tests are completed regularly. Test results are analyzed and adjustments are made to continually improve security.

    Our main goal is to protect all customer data and allowing our customers to conduct business. BrightSites has a variety of safeguards and policies in place to make sure our systems are secure, regularly backed up, and that your order and customer details are always kept confidential. To protect against malicious activities, automatic backups are completed every night of the week in the Google Cloud Platform, with at least 7 days retention (up to 14). In case of a disaster, BrightSites utilizes sophisticated monitoring and deferrence systems that immediately alerts its Disaster Recovery Team of a complete or partial system failure. BrightSites has a multi-step process in place to safely restore IT functionality in mission critical systems as soon as possible. BrightSites’ disaster Recovery plan is tested and updated annually or as needed. Its Business Continuity plan is reviewed and optimized annually as a proactive plan to avoid and mitigate risks to business operations. The plans identify mission critical systems, data backup and recovery, and include basic steps to maintain operations in the event of an unforeseen disaster. BrightSites’ policies are continually updated with the ever-changing security needs and requirements and provide clear guidance for encryption, use, passwords and more.

    Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Information by protecting your password and/or other sign-on mechanism appropriately. To help protect your Information, you should not share your account information or password, reuse your password on other sites, or use a password you have used on other sites.

    Through your account settings for the Service, you may access or edit Information you’ve provided and your record of interactions with the Service. Such Information and interactions, and your ability to update them, will vary based on the Service.

    • Delete Information: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you).
    • Change or Correct Information: You can edit some of your Information through your account. You can also ask us to change, update, or fix your Information in certain cases, particularly if it’s inaccurate.
    • Object to, or Limit or Restrict, Use of Information: You can ask us to stop using all or some of your information (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your Information is inaccurate or unlawfully held).
    • Right to Access and/or Take Your Information: You can ask us for a copy of your Information and can ask for a copy of Information you provided in machine-readable form.
    • We never sell your Information As such, it is not necessary that a user opts out of the sale of personal information.
    • You may contact us using the contact information below, and we will consider your request in accordance with applicable laws and in the applicable time frame.
    • Account Closure: If you wish to delete your account, you can do so by logging into your account or by emailing us. After it is no longer necessary for us to retain your Information, we will dispose of it in a secure manner.
    • If at any time you choose to opt out from allowing us to use your Information in the future, contact us directly via email to mail@stweed.com. Upon receipt and process of an opt-out request, we will, within a legal and commercially reasonable period of time, remove your Information from any applicable listings.

    We generally retain your Information as long as reasonably necessary to provide you the Services or to comply with applicable law. However, even after you deactivate your account, we can retain copies of Information about you and any transaction or Services in which you may have participated for a period of time that is consistent with applicable law, applicable statute of limitations or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to detect or prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Services, to assist with investigations, to enforce our Terms of Service or other applicable agreements or policies, or to take any other actions consistent with applicable law. If a user deletion request has been received and processed, we will no longer retain personal information.

    If you have any questions or concerns regarding our Policy, please send a detailed message to mail@stweed.com and we will try to resolve your concerns.

    It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to:

    • Investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies.
    • Enforce our agreements with you.
    • Investigate and defend ourselves against any third party claims or allegations.
    • Protect the security or integrity of our Service.
    • Exercise or protect the rights and safety of our company, our users, personnel, or others. We attempt to notify users about legal demands for their personal data when appropriate in our judgement, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague, or lack proper authority, but we do not promise to challenge every demand.