Data Privacy Framework (DPF) Privacy Policy

Effective Date: 03/19/2025

Contact Discovery Services, LLC complies with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) as set forth by the US Department of Commerce. Contact Discovery Services, LLC has self-certified to the US Department of Commerce that it adheres to the EU-US Data Privacy Framework Principles (EU-US DPF Principles) with regard to the processing of personal data received from the European Economic Area (EEA) in reliance on the EU-US DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-US DPF. Contact Discovery Services, LLC has certified to the US Department of Commerce that it adheres to the Swiss-US Data Privacy Framework Principles (Swiss-US DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-US DPF. If there is any conflict between the terms in this privacy policy and the EU-US DPF Principles and/or the Swiss-US DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit https://www.dataprivacyframework.gov/.

The Federal Trade Commission has jurisdiction over Contact Discovery Services, LLC’s compliance with the EU-US Data Privacy Framework (EU-US DPF) and the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF).

This DPF Policy (“Policy”) describes how Contact Discovery Services, LLC and its subsidiaries and affiliates in the United States (“US”) (“Contact Discovery,” “Company,” “we,” or “us”) collect, use, and disclose certain personally identifiable information that we receive in the US from the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland (“Personal Data”). This Policy applies to the following US affiliated entities: Cytrex Cyber LLC, Contact Government Services, LLC, and Contact Review LLC.

This Policy supplements our Website Privacy Policy, and unless specifically defined in this Policy, the terms in this Policy have the same meaning as the Website Privacy Policy.

Contact Discovery recognizes that the EEA, the UK, and Switzerland have established strict protections regarding the handling of Personal Data, including requirements to provide adequate protection for Personal Data transferred outside of the EEA, the UK, and Switzerland. To provide adequate protection for certain Personal Data about corporate customers, clients, business partners, and employees received in the US from the EEA, the UK, and Switzerland, Contact Discovery has elected to self-certify to the EU-US Data Privacy Framework (“EU-US DPF”), UK Extension to the EU-US Data Privacy Framework, and Swiss-US Data Privacy Framework (“Swiss-US DPF”) administered by the US Department of Commerce (“DPF Program”). 

Contact Discovery adheres to the DPF Program Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability and the Supplementary Principles.

For purposes of enforcing compliance with the DPF Program, Contact Discovery is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the DPF Program, see the US Department of Commerce’s DPF website: https://www.dataprivacyframework.gov/. To review Contact Discovery’s representation on the DPF list, see the DPF self-certification list, which is located at: https://www.dataprivacyframework.gov/list.

The Swiss-US DPF will only be relied upon for transferred data from the US to Switzerland from the 15 September 2024. This is the date of entry into force of Switzerland’s adequacy decision by the Swiss Federal Administration.

Your Rights

Under the DPF, you have rights in relation to your Personal Data. These include:

  • Information on the types of Personal Data collected.
  • Information on the purposes of collection and use.
  • Information on the type or identity of third parties to which your personal data is disclosed.
  • Choices for limiting use and disclosure of your Personal Data.
  • Access to your personal data.
  • Notification of the organization’s liability if it transfers your Personal Data.
  • Notification of the requirement to disclose your Personal Data in response to lawful requests by public authorities.
  • Reasonable and appropriate security for your Personal Data.
  • A response to your complaint within 45 days.
  • Cost-free independent dispute resolution to address your data protection concerns.
  • The ability to invoke binding arbitration to address any complaint that the organization has violated its obligations under the DPF Principles to you and that has not been resolved by other means.

You can also verify our self-certification to the DPF and check the information we have provided by viewing our details on the DPF list.

Personal Data Collection and Use

Our Website Privacy Policy describes the categories of Personal Data that we may receive in the US as well as the purposes for which we use that Personal Data. We may receive the following categories of Personal Data in the US: A. Identifiers; B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); F. Internet or other similar network activity; and G. Geolocation data.  

We process Personal Data for the following purposes:. We process Personal Data for the following purposes:

  1. Providing Information and Responding to Inquiries – To respond to request for information about our offerings and services and to communicate with consumers who have provided their contact information.
  2. Marketing and Promotional Activities – To send promotional content, updates, and offers related to our  offerings and services, including through email and digital advertising, in accordance with applicable laws and user preferences.
  3. Website Analytics and Performance Monitoring – To analyze trends, measure engagement, and improve the functionality and effectiveness of our website and marketing campaigns.
  4. Security and Fraud Prevention – To protect against fraudulent or unauthorized activities, monitor for security threats, and ensure the integrity of our website.

Contact Discovery will only process Personal Data in ways that are compatible with the purpose that Contact Discovery collected it for, or for purposes the individual later authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt out. Contact Discovery maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.

Data Transfers to Third Parties

Third-Party Agents or Service Providers. We may transfer Personal Data to our third-party agents or service providers who perform functions on our behalf as described in our Website Privacy Policy. Where required by the DPF, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the DPF requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process Personal Data in accordance with our DPF obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them.

Third-Party Data Controllers. In some cases, we may transfer Personal Data to unaffiliated third-party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your Personal Data to third-party data controllers for the purposes described in our Website Privacy Policy. We will only provide your Personal Data to third-party data controllers where you have not opted-out of such disclosures, or in the case of sensitive Personal Data, where you have opted-in if the DPF requires consent. We enter into written contracts with any unaffiliated third-party data controllers requiring them to provide the same level of protection for Personal Data the DPF requires. We also limit their use of your Personal Data so that it is consistent with any consent you have provided and with the notices you have received. If we transfer your Personal Data to one of our affiliated entities within our corporate group, we will take steps to ensure that your Personal Data is protected with the same level of protection the DPF requires.

Disclosures for National Security or Law Enforcement. Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements. We will only do so in accordance with the DPF Principles.

Security

Contact Discovery maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the DPF.

Access Rights

You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the DPF. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances, we may charge a reasonable fee for access to your information.

Questions or Complaints

In compliance with the EU-US DPF, and the UK Extension to the EU-US DPF, and the Swiss-US DPF, COMPANY commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EEA, and UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-US DPF, and the UK Extension to the EU-US DPF, and the Swiss-US DPF should first contact Contact Discovery Services’ privacy representative at privacy@contactdiscoveryservices.com.

Dispute Resolution. If a privacy complaint or dispute relating to Personal Data received by Contact Discovery Services, LLC in reliance on the Data Privacy Framework (or any of its predecessors) cannot be resolved through our internal processes, we have agreed to participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure. Subject to the terms of the VeraSafe Data Privacy Framework Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Data Privacy Framework Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/public-resources/dispute-resolution/submit-dispute/.

If a complaint or dispute cannot be resolved through our internal process, we have also agreed to cooperate with the EU and UK data protection authorities and the Swiss Federal Data Protection and Information Commissioner and to participate in the dispute resolution procedures of the panel established by such data protection authorities. Binding Arbitration. If your dispute or complaint related to your Personal

Binding Arbitration. If your dispute or complaint related to your Personal Data that we received in reliance on the Data Privacy Framework cannot be resolved by us, nor through the dispute resolution mechanism mentioned above, you may have the right to require that we enter into binding arbitration with you under the Data Privacy Framework “Recourse, Enforcement and Liability” Principle and Annex I of the Data Privacy Framework.

Contact Us

If you have any questions about this Policy or would like to request access to your Personal Data, please contact us as follows: 

Contact Discovery Services
Attn: Privacy Representative
1100 13th Street NW, Suite 925
Washington, DC 20005
privacy@contactdiscoveryservices.com
Our appointed privacy representative is Rashida Truesdale.

Changes to This Policy

We reserve the right to amend this Policy from time to time consistent with the DPF’s requirements.

Effective Date: 03/19/2025

Last Modified: 03/19/2025