European Privacy Policy

CRB Group, Inc., Clark, Richardson and Biskup Consulting Engineers, Inc., CRB Builders LLC, CRB Architects-Engineers P.C., CRB Group GmbH, and the subsidiaries and affiliates of our companies (collectively, “CRB,” “we,” “us,” or “our”) developed this Privacy Policy (“Privacy Policy” or “Policy”) to provide European individuals with information concerning our personal data collection, personal data processing, and our privacy and security practices. If you are a CRB employee or independent contractor located in Europe, please review our European Employee Privacy Policy, which is located on our internal network, for information about our collection, usage, transfer, data protection, and privacy practices with respect to your personal data.  If you reside outside of Europe, please review our Main Privacy Policy.

Personal data” is any information relating to an identified or identifiable natural person, or that could reasonably be linked, directly or indirectly, with a particular person or household. “You” and “your” refers to the person reading this Privacy Policy, which may include CRB clients, potential clients, potential employees, subcontractors, vendors and suppliers, as well as individuals working for such clients, potential clients, subcontractors, and suppliers; customers of CRB’s clients and individuals that will or may be impacted by work performed by CRB or CRB clients; CRB’s job applicants; and individuals that visit our websites or use our applications. Your personal details are not accessed by CRB when you view our website unless and until you fill out our contact form.

I. Categories of Personal Data Processed by CRB

In this section of the Privacy Policy, we provide information on the categories of personal data we collect, and information linking those categories to (1) the processing operations we perform, and (2) the purposes and legal bases of such processing operations.

A. Personal Data that is Processed when You Interact with Us. When you interact with us by phone, email, webform, or we meet you in person at a conference or other event, CRB will collect personal data from you and/or the conference host, including, as applicable, your name, nickname, credentials, email address, mailing address, phone number, company name, title, information about your colleagues, preferred method of communication, conference attended, contacts with CRB associates, and location in which you work.

Purpose and Legal Ground: We process this personal data to pursue and manage business relationships, to provide requested information, and answer your questions about CRB’s services and goods. The legal ground for processing this personal data for this purpose is CRB’s legitimate interest in developing business relationships, gaining business insights, and providing clients and potential clients with information that they request about CRB’s services and goods.

B. Personal Data that is Processed when we Collect Information About You Through Publicly Available Sources and Industry Resources. When we review publicly available newsletters and industry resources, we collect personal data about you including as applicable, your name, credentials, email address, mailing address, phone number, company name, title, and location in which you work.

Purpose and Legal Ground: We process this personal data to pursue and manage business relationships. The legal ground for processing this personal data for this purpose is CRB’s legitimate interest in developing business relationships, gaining business insights, and offering services and goods to customers and potential customers.

C. Personal Data that is Processed when You or Your Organization Engages Us to Perform a Project. When you or your organization engages us to provide engineering, architecture, construction, or consulting services, CRB will collect personal data including your name, email address, mailing address, organization, industry, position, and signature from you, or someone else in your organization.

Purpose and Legal Ground:  We process this personal data to provide you or your organization with requested services and goods. If you engage us, the legal ground for processing this personal data for this purpose is the performance of a contract.  If your organization engages us, the legal ground for the processing is CRB’s legitimate interest in providing requested services to your organization.

D. Personal Data that is Processed when You Browse and Interact with Our Website or Apps. If you browse or interact with our websites or applications, CRB will place cookies on your computer or device’s hard drive through your web browser. CRB will collect your network or connection information (g., IP address); browser type, browser version, browser language, device time zone, operating system, operating system version, location, time of visit, date of visit, page views, and clicks either directly from you or from a third-party service provider through cookies.

Purpose and Legal Ground:  The types of cookies we use fall into the following categories.  The processing purposes and legal bases for each category are set out below.

Necessary Cookies:  These cookies are required for the website and applications to perform the basic functions, such as protecting your information. The legal ground for processing personal data for this purpose is CRB’s legitimate interest in ensuring that our website functions as intended and in a secure manner while honoring users’ choices and preferences.

Functional Cookies:  These cookies are used to analyze website and application usage and performance and to perform other basic functions, such as remembering your location and language preferences. The legal ground for processing this personal data is your consent, which you may withdraw at any time by contacting us via email at [email protected].

Advertising Cookies:  These cookies are used to facilitate advertising on partner websites and social media, such as personalizing the advertisements that you see or evaluating effectiveness of marketing campaigns. The legal ground for processing this personal data is you consent, which you may withdraw at any time by contacting us via email at [email protected].

For additional information, see the Cookies & Similar Technologies privacy notice section of this Privacy Policy below.

D. Personal Data that is Processed when You Subscribe to a Newsletter, Report, or other Marketing Communication or fill out our Contact webform. If you subscribe to CRB’s Insights Newsletter, CRB’s Horizons Report, other CRB marketing communications, or fill out our Contact, CRB will collect your name, email address, job title, company name, location, and phone number from you.

Purpose and Legal Ground: CRB processes this personal data to send you the newsletter, report, or other marketing communication to which you subscribed. The legal ground for processing this personal data for these purposes is your consent, which you may withdraw at any time by using the unsubscribe link included in the email with your newsletter, report, or other marketing communication.

E. Personal Data that is Processed when You Respond to a Survey. If you respond to one of our surveys, CRB will collect your name, company, position at your company, interest in our services, email address, mailing address, phone number, registration for our conferences, IP address, and comments about the relevant topic from you.

Purpose and Legal Ground:  CRB processes this personal data to gain business insights; receive feedback on our services and goods; and to gather information needed to inform decisions about our services, business approach, and potential business opportunities. The legal ground for processing this personal data for these purposes is CRB’s legitimate interest in obtaining business insights and feedback on our services, business approach, and potential business opportunities and goods; and making informed decisions about innovation, growth, pricing, and promotions.

F. Personal Data that is Processed when You Sign-in as a Visitor at One of Our Offices. When you sign-in as a visitor at our one of our offices, CRB may collect your name, email address, phone number, photo, country of residence, company, time of arrival, and CRB host name from you.

Purpose and Legal Ground:  CRB processes this personal data to connect you to your CRB host when you arrive, to document your visit, and to enable employees to easily identify you in our offices. The legal ground for processing this personal data for these purposes is CRB’s legitimate interest in confirming that everyone in our offices is authorized to be in our offices; protecting individuals in our offices; and protecting the intellectual property, data, furniture, fixtures, equipment, and all other tangible objects in our office.

G. Personal Data that is Processed when You Approach, Enter, or Pass Through Our Property. When you approach, enter, or pass through a parking lot, parking structure, or building that we own or lease, including common areas of our offices, CRB may use security cameras to collect videos of you that will record the time during which you are present, as well as your behavior.

Purpose and Legal Ground:  There are multiple circumstances where your presence on our property or premises will lead to CRB processing your personal data.

  1. Personal Data that is Processed when You Enter Our Parking Lots, Parking Structures, Buildings, or Offices. CRB processes videos of you, the time of your appearance at our properties, and your behavior to control access to and protect individuals, their personal property, and our intellectual and physical property. The legal ground for processing this personal data for this purpose is CRB’s legitimate interest in securing our parking lots, parking structures, buildings, and offices.
  2. Personal Data that is Processed in the Event of Property Damage, Theft, or Other Potential Crimes. When property damage, theft, or other potential crimes occur in or near our parking lots, parking structures, or buildings, CRB processes personal data captured through security cameras, including videos of individuals, the time, and individuals’ behavior.  The purpose of processing such information is to internally investigate property damage, theft, and other potential crimes, and to assist law enforcement agencies with criminal investigations. The legal ground for processing this personal data for these purposes is CRB’s legitimate interest in preventing property damage, theft, and other crimes, remedying injuries to our employees, visitors, and their property, ensuring the safety of our employees and visitors, and preventing crime on or near our properties.

H. Personal Data that is Processed when You Submit Supplier or Subcontractor Registration or Update the Same. When you register yourself individually as a CRB supplier or subcontractor (g., as a sole proprietorship or individual independent contractor) in CRB’s Supplier and Subcontractor Registration and Pre-Qualification System, when you complete a CRB supplier or subcontractor registration on behalf of your organization, when your organization completes a CRB supplier or subcontractor registration and lists you as a contact point, or when you or your organization update such registrations, CRB will collect your username, password, name, company name, email address, phone number, mailing address, taxpayer ID, company classification, key financial statements, bonding information, project references, safety information, Experience Modification Rate (EMR) information, lost workday incident history, quality management program, certifications, and licenses. If you are selected as a supplier or subcontractor, we will also collect bank account information (e.g., financial institution name, bank account number, account type) from you for purposes of paying you.

Purpose and Legal Ground:

  1. When CRB collects your name, email address, and phone number, we process this personal data to contact you about services and goods that you or your organization provide or may provide to CRB. The legal ground for processing this personal data for these purposes is CRB’s legitimate interest in selecting suppliers and subcontractors, and effectively managing our supply chain.
  2. When CRB collects username, password, name, company name, email address, phone number, mailing address, taxpayer ID, company classification, key financial statements, bonding information, project references, safety information, Experience Modification Rate (EMR) information, lost workday incident history, quality management program, certifications, and licenses, we process that personal data to assess you or your organization’s qualifications and capacity to provide services and goods to CRB. The legal ground for processing personal data for this purpose is CRB’s legitimate interest in protecting our project sites, employees, and contractors, and providing services and goods to our clients that meet our high standards.
  3. When CRB collects banking information, we process that information for purpose of transferring payment to a supplier or subcontractor via ACH transfer. The legal ground for processing personal data for this purpose is the performance of our contract with you for the services or goods that you provide to us.

I. Personal Data that is Processed During the Course of a Project. If you or your organization engages CRB to provide goods or services, or CRB engages you or your organization as a supplier or subcontractor to provide goods or services, CRB will have access to your name, email address, role, and project comments through our project management software (g., Microsoft Dynamics 365 aec360, Microsoft Excel, Deltek Vision).

Purpose and Legal Ground:  CRB processes this personal data to provide requested services and manage client expectations and supplier and subcontractor obligations. The legal ground for processing this personal data for these purposes is CRB’s legitimate interest in collaborating with its clients and suppliers and subcontractors in order to provide requested services to our clients.

J. Personal Data that is Processed when You Apply for a Position through our Website. When you apply for a position at CRB by either manually completing a profile or automatically completing an application through Indeed or SmartRecruiter, CRB will collect your name, email address, place of residence, phone number, job experience, educational history, online content (g., LinkedIn, Facebook, Twitter, website), your authorization to work in the relevant country, your eligibility to apply for a working permit in the relevant country, your willingness to travel as an essential function of the position, your resume, which may include additional information about your skills, interests, and objectives, and any message you send CRB about your interest in a position.

Purpose and Legal Ground:

  1. When CRB collects your name and email address, we process this personal data to communicate with you about the status of your application. The legal ground for the processing of this personal data for this purpose is CRB’s legitimate interest in assessing and verifying the skills, qualifications, and background of potential employees, managing its hiring process, and communicating with potential employees about that process.
  2. When CRB collects your name, email address, place of residence, phone number, job experience, educational history, online content, your authorization to work in the relevant country, your willingness to travel if that is an essential function of the position, your resume, and any messages you send to CRB’s hiring manager about your interest in a position, we process this personal data to verify your identity; evaluate your qualifications and experience; and determine whether you are a good fit for the position in which you are interested. The legal ground for the processing of this personal data for these purposes is CRB’s legitimate interest in assessing and verifying the skills, qualifications, and background of potential employees, managing the hiring process, and communicating with potential employees about that process.
  3. When CRB collects your gender and ethnicity, we do so to ensure we are engaging and hiring from a diverse candidate pool and to create a diverse and inclusive workforce. We only collect this information with your affirmative consent.

II. Categories of Recipients of Personal Data

In this section of our Privacy Policy, we provide information on the categories of recipients of personal data, the categories of personal data that will or may be transferred, and the purposes of such transfers.

A. CRB’s U.S. Entity. If you or your organization engages us to perform a project in Europe, CRB will transfer your personal data, including project costs and accounts payable, from the CRB entity in the European Union or Switzerland to one of our U.S. entities. If you or your organization is a supplier or subcontractor for CRB in Europe, CRB will transfer your personal data, including your name, project working hours, and compensation, from the CRB entity in your region to one of our U.S. entities.

Recipient Industry, Recipient Location, and Purpose of Transfer:  The U.S. entities are a part of our architecture, engineering, and construction firm, which is part of the construction industry, the construction and engineering sectors, and the development and construction of buildings and structures subsectors; such entities are located in the U.S. The purpose of such transfers is either (1) to estimate project costs and prepare invoices for the services we provide; or (2) if you or your organization is one of our suppliers or subcontractors, to pay you or your organization for services and goods received.

B. CRB Clients. If CRB engages you or your organization as a supplier or subcontractor on a project, CRB may transfer your personal data, including your name, email address, role, and project comments to one of CRB’s clients through our project management software (g., Microsoft Dynamics 365 aec360, Microsoft Excel, Deltek Vision).

Recipient Industry, Recipient Location, and Purpose of Transfer:  Our client could be an individual or organization in any industry that CRB serves, including but not limited to any client in the manufacture of basic pharmaceutical products and pharmaceutical preparations industry; manufacture of food products industry; manufacture of beverages industry; professional, scientific, and technical industry.  Our client could be located in any country that CRB serves, including in Europe, Canada, Puerto Rico, and the U.S. The purpose of these transfers is to enable our subcontractors to assist us in providing our clients with requested goods and services and managing client expectations and subcontractor obligations.

C. CRB Subcontractors. If you or your organization engages CRB on a project, CRB will transfer your personal data, including your name, email address, role, and project comments to CRB’s subcontractors, including subcontractors’ officers, managers, or employees, through project management software (g., Microsoft Dynamics 365 aec360, Microsoft Excel, Deltek Vision).

Recipient Industry, Recipient Location, and Purpose of Transfer:  Our subcontractor could be an organization or an individual in any industry that CRB contracts with for services.  Our subcontractors most often are a part of (1) the professional services industry, the architectural and engineering sector, and the architectural and engineering consultancy subsector; (2) the construction industry, construction of buildings sector, and development of building projects subsector; or (3) the information industry, information services sector, and the data processing subsector.  Our subcontractors could be located in any country where CRB serves clients, including in Germany, Switzerland, Canada, Puerto Rico, or the U.S. The purpose of these transfers is to provide requested services and to manage client expectations and subcontractor obligations.

D. Payment Processors for Subcontractors & Suppliers.  If you, individually as a CRB supplier or subcontractor (e.g., as a sole proprietorship or individual independent contractor), provide CRB with services or goods, CRB will transfer your name, banking information, and accounts receivable information to a payment service provider.

Recipient Industry, Recipient Location, and Purpose of Transfer:  Our payment processors service provider is part of the financial industry, the financial services sector, and the transaction processing subsector, and is located in the U.S.  The purpose of this transfer is to pay you for services and goods you provide to CRB.

E. Website Hosts and Analytics Service Providers. If you browse or interact with our websites, CRB will transfer your personal data, including your network or connection information (such as IP address); browser type, browser version, browser language, device time zone, operating system, operating system version, location, time of visit, date of visit, page views, and clicks to our website hosts (g., Cloudflare, Inc.) and website analytics service providers (e.g., Google Analytics).

Recipient Industry, Recipient Location, and Purpose of Transfer:  Our website hosts and website analytics service providers will be a part of the information industry, information services sector, and the data processing subsector. Our website hosts and website analytics service providers are located in the U.S. The purpose of this transfer is to improve the quality and functionality of our websites.

F. Website Content Management Services Providers. If you contact us through our website, communicate with us through our website, or give your consent for us to use images or videos of you, CRB will transfer your personal data, including name, email address, industry, company, message contents, images, and videos to our website content management service provider, HubSpot.

Recipient Industry, Recipient Location, and Purpose of Transfer:  Our website content management service provider will be a part of the information industry, information services sector, and the data processing subsector.  Our website content management service provider is located in the U.S. The purpose of this transfer is to structure and manage our websites and to review their quality and function.

G. Email Marketing Service Providers. If you or your organization contact us through a webform on our website, connect with us at a conference, subscribe to our blog, newsletter, marketing emails, or other publication, CRB will transfer your personal data, including your name, email address, company, industry, and other information you have shared with us to our email marketing service provider, HubSpot.

Recipient Industry, Recipient Location, and Purpose of Transfer:  Our email marketing service provider is a part of the information industry, information services sector, and the data processing subsector.  Our email marketing service provider is located in the U.S.  The purpose of this transfer is to provide with information you request about our services and goods, provide you with magazines, blogs, newsletters, and other publication you subscribe to, and to send you other marketing emails you subscribe to receive.

H. Email Verification Service Provider. If you or your organization subscribe to our newsletter, other publication, or marketing emails, CRB will transfer your personal data, including your name, email address, company, and industry to our email verification service provider.

Recipient Industry, Recipient Location, and Purpose of Transfer:  Our email verification service provider is a part of the information industry, information services sector, and the data processing subsector.  Our email verification service providers is located in the U.S. The purpose of this transfer is to review our email lists for opt-out requests; check our email lists to ensure subscribers, such as you, are still interested in receiving our emails; remove temporary or invalid emails from our email listings, and improve the quality of our email lists by verifying subscribers’ names, subscribers’ email addresses, and the domain names of those email addresses.

I. Client Relationship Management Service Providers. If you engage CRB to provide services or your organization engages CRB to provide services and lists you as a contact, CRB will transfer your personal data, including your name, email address, organization, and industry to CRB’s client relationship management service providers (g., Microsoft Dynamics 365 aec360).

Recipient Industry, Recipient Location, and Purpose of Transfer:  Our client relationship management service providers are a part of the information industry, information services sector, and the data processing subsector. Our client relationship management service providers are located in the U.S.  The purpose of these transfers is to enable CRB to better manage our relationships with current and potential clients and to obtain technical support with respect to client relationship management services, as needed, from our client relationship management service providers.

J. Procurement Contract Management Service Providers. If you provide services or goods to CRB as a supplier or subcontractor or your organization provides services or goods to CRB and you are the contact for your organization, CRB will transfer your personal data, including your name, title, and signature to our procurement contract management service providers.

Recipient Industry, Recipient Location, and Purpose of Transfer:  Our procurement contract management service providers are a part of the information industry, information services sector, and the data processing subsector.  Our procurement contract management service providers are located in the U.S. The purpose of these transfers is to manage our procurement process and to enable CRB to obtain customer support from our procurement contract management service providers.

K. Human Resources Database Service Provider and Recruitment Service Providers. If you apply for a position at CRB, CRB will transfer your name, email address, place of residence, phone number, job experience, educational history, online content (g., LinkedIn, Facebook, Twitter, website), your resume, which may include additional information about your skills, interests, objectives, and any message you send about your interest in a position to a human resources and/or recruitment database service provider (e.g., SmartRecruiters).

Recipient Industry, Recipient Location, and Purpose of Transfer:  Our human resources database service provider is part of the information industry, information services sector, and the data processing subsector.  Our human resources database service providers are located in the U.S., Europe, and Canada.  The purpose of this transfer is to enable the storage of and our access to job applicant personal data.

L. Governmental Entities and Third Parties in Connection with Legal Matters. If CRB has your consent to transfer your personal data to governmental entities or other third parties in connection with a legal matter; must comply with a valid subpoena, legal order, court order, warrant, legal process, or other legal obligation related to your personal data; is seeking to enforce any of our terms and conditions, policies, or other agreements; or must transfer your personal data to pursue available legal remedies or defend legal claims, CRB will transfer the relevant part of your personal data to a government entity or other third party.

Recipient Industry, Recipient Location, and Purpose of Transfer:  The governmental entities could be courts, regulatory agencies, law enforcement agencies, security or intelligence agencies, or any other government entities with lawful authority to compel the transfer of your personal data. The governmental entities will be a part of the public sector, and will be engaged in law enforcement, adjudication, intelligence, or other regulation. The third parties could be law firms, expert witnesses, compliance consultants, or other third parties in any industry in connection with legal matters.  The governmental entities or third parties involved with legal matters could be located in any country where CRB does business, including but not limited to Germany, Switzerland, Canada, Puerto Rico, and the United States. The purpose of such a transfer is to defend CRB’s legal interests and to comply with our legal obligations.

M. Third Parties in Connection with a Potential Reorganization: We may transfer personal data to a prospective seller or buyer in the event of a potential reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of CRB’s assets or stock, including, without limitation, in connection with any bankruptcy or similar proceeding.

Recipient Industry, Recipient Location, and Purpose of Transfer:  The third-party buyers or sellers could be part of any industry and located in any country.  The purpose of the transfer would be to enable a reorganization, merger, joint venture, assignment, transfer, or other disposition.

III. Cookies & Similar Technologies

As you interact with our websites and applications, we, with assistance from third-party analytics service providers, collect personal data pertaining to your use of CRB’s websites and the devices and programs from which you access our websites and applications (“Usage Data”) using cookies and similar technologies.

A. What are Cookies?

Cookies are small computer files sent or accessed from your browser or our application on the hard drive of your computer, mobile device, or tablet that contain information about your device, such as your user ID, user settings, browsing history, and activities conducted while browsing websites (e.g., pages viewed; navigation around a website).  Cookies are used to “remember” when your computer or devices access our websites.

B. How Do We Use Cookies?

Cookies are essential for the effective operation of our websites and applications and help you to navigate our websites and applications.  CRB and its third-party service providers use cookies to monitor your browsing behavior.

The primary purposes for which cookies are used are: (1) For the effective operation of our websites and applications, especially in connection with website navigation and online communications; (2) To monitor and improve the quality and user-friendliness of our websites and applications; (3) To monitor the success of our advertising campaigns and marketing-related activities (e.g., promotions); and (4) To assist CRB in detecting and preventing fraud, denial of services attacks, and other malicious activity directed at our websites or through our applications.

C. How Can You Manage Cookies?

If you do not want Usage Data collected through the use of cookies and similar technologies, there is a procedure in most browsers that allows you to automatically decline many of these technologies, or to be given the choice of declining or accepting them.  Cookies that are required to enable core site functionality cannot be disabled.  To assist in controlling website-specific cookies, check the privacy and cookie setting in your preferred browser.

If you are in the European Union, the United Kingdom, or another country that requires your consent before processing your Usage Data, we process your Usage Data based on the consent you provide when you click the box noting that you “Accept” the processing of your personal data obtained through cookies and other data collection tools.  You may withdraw your consent by contacting us via email at [email protected].

IV. Third-Party Privacy Practices

Our websites may provide links to other third-party internet websites as a service to you.  We are not responsible for the privacy practices of such other third-party internet websites. If you link to such a site through our websites, you should always review any privacy notice that is available for that website.

V. Protecting Your Personal Data

We implement technical and organizational measures designed to assist in maintaining the security and confidentiality of personal data; safeguarding against anticipated threats to the confidentiality, integrity, and availability of personal data; and protecting personal data against accidental or unlawful destruction, loss, alteration, and unauthorized access or disclosure.

However, whenever personal data is processed, there is a risk that such data could be lost, misused, modified, hacked, breached, and/or otherwise accessed by an unauthorized third party.  No system or online transmission of data is completely secure.  In addition to the technical and organizational measures that CRB has in place to protect your personal data, you should use appropriate security measures to protect your personal data. If you believe that any personal data you provided to us is no longer secure, please notify us immediately at [email protected].

VI. Retention of Personal Data

CRB will retain your personal data for the time period necessary to fulfill the purposes for which your personal data was originally collected or received and to meet CRB’s legal obligations.  If you are a resident of the European Union, the United Kingdom, or any other country that provides data subjects with the right to delete, please see the section below under European Personal Data Rights for information on the right to delete.

VII. European Personal Data Rights

If you reside in the European Union or the United Kingdom, you have the following rights under the General Data Protection Regulation (“GDPR”) or the UK GDPR (as applicable) regarding the processing of your personal data:

A. Right of Access. You have the right to receive a copy of the personal data that we hold about you.

B. Right to Rectification. You have the right to correct or complete any inaccurate or incomplete personal data that we hold about you.

C. Right to Deletion. In certain circumstances, you have the right to request that we erase the personal data that we hold about you.

D. Right of Data Portability. In certain circumstances, you have the right to request that we supply you with the personal data that we hold about you in a structured, commonly used, and machine-readable format and/or, where technically feasible, to transmit such personal data to another organization.

E. Right to Restrict Processing. In certain circumstances, you have the right to restrict our processing of the personal data that we hold about you.

F. Right to Bring a Complaint to Supervisory Authority. You have the right to lodge a complaint with the relevant supervisory data protection authority.

G. Right to Withdraw Consent. If our lawful basis for processing your personal data is your consent, you have the right to withdraw your consent at any time.

H. Right to Object. You have the right to object to the processing of your personal data on certain grounds, including:

  • For Direct Marketing Purposes. The right to object to the processing of your personal data for direct marketing purposes, including profiling related to direct marketing.
  • For Legitimate Interests. The right to object to the processing of your personal data that is based on our or a third party’s legitimate interests, including profiling related to such legitimate interests.

If you reside in Switzerland, you are entitled to the data subject rights available under Swiss data protection law.  Please see the Exercising Your Rights section of this Privacy Policy to learn how to exercise your rights related to personal data that is in our possession and/or under our control.  For more information about your rights under the GDPR or the UK GPDR, including information about the circumstances under which different rights are applicable, please visit the European Commission’s My Rights Page, which can be viewed in a number of languages or the Your Data Protection Rights Page from the UK Information Commissioner’s Office website.

VIII. Other Personal Data Rights

If you are located outside of Europe, Switzerland, or the United Kingdom, you may have privacy rights under your local laws.  If you reside in the United States, Canada, or Puerto Rico, you may have privacy rights that are addressed in our Privacy Policy.  If you reside in other parts of the world, you may have other privacy rights.  Please reach out to us with any questions or requests to exercise any privacy rights that you may have using contact information provided in the How to Contact Us section.

IX. Exercising Privacy Rights

To exercise your rights described in this Privacy Policy, please submit a verifiable consumer request to us through one of the following methods:

A. Submission Methods. You may submit request to exercise your privacy right(s) by emailing us at [email protected].

B. Submission Contents. Requests to exercise your privacy right should include the following information:

  • Your name;
  • The country in which you currently reside;
  • Which privacy right(s) you are requesting to exercise;
  • Details that will assist us in responding to your request, including:
    • If you are exercising access rights, the information to which you are requesting access;
    • If you are exercising deletion rights, the information for which you are requesting deletion;
    • Any other relevant information about your personal data and/or the right you are exercising; and
  • A phone number and/or email address at which we can reach you.

X. Data Controller

Personal data collected by CRB and processed for its business purposes, as well as personal data collect or processed on behalf of CRB, is controlled by:

CRB Group, Inc.
1251 NW Briarcliff Parkway, Suite 500
Kansas City, Missouri 64116

XI. Cross-Border Transfers of Personal Data

When we receive your personal data, it may be stored on servers in the United States and/or in other countries outside of the EU, the United Kingdom, and Switzerland.  Your personal data may be transferred to and processed by CRB and its third-party service providers, partners, suppliers, and subcontractors in the United States or in other countries outside of the EU, the United Kingdom, and Switzerland. The data protection and privacy laws of the United States and other countries may not be as comprehensive as the laws of your country. For example, personal data transferred to the United States may be subject to lawful access requests by U.S. federal and state authorities. For transfers of EU, UK, and Swiss personal data to service providers in the United States and other locations outside of the EU and Switzerland for which no adequacy decision has been reached by appropriate regulatory authorities, CRB will rely on Standard Contractual Clauses as the lawful transfer mechanism to support such transfers.

XII. Privacy Policy Updates

We may update this Privacy Policy from time to time as we add new services or offerings; as we improve our current services and offerings; and as technologies and laws change.  It is our policy to post any changes we make to our Privacy Policy on our websites.  Any changes will become effective thirty (30) days after our posting of the revised Privacy Policy on the websites.  The date this Privacy Policy was updated and the date it became effective are identified at the top of the first page.  If we make material changes to how we treat the personal data that falls within the scope of this Privacy Policy, we will notify you by email or through a prominent notice on the homepage of our websites.

XIII. How To Contact Us

If you have questions, complaints or any need for assistance relating to your personal data, you may contact us by email at [email protected] or by writing to us at the following address:

CRB Group GmbH
Attention: Manager of Compliance
Viadukstrasse 42, 4th Floor
4051 Basel, Switzerland