Privacy Shield

Data Privacy Framework Notice

Effective Date: August 18, 2023

Crowe LLP, C3 Ventures, and Crowe Healthcare Risk Consulting LLC (collectively, “Crowe”) comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the UK, and Switzerland to the United States. Crowe has certified to the Department of Commerce that it adheres to the Data Privacy Framework Principles. This Notice only applies to personal information within the scope of Crowe’s Data Privacy Framework certification.

Crowe's participation in the Data Privacy Framework program applies to all personal information that we receive from the European Union, United Kingdom and Switzerland. Crowe collects and receives personal information from the European Union, United Kingdom and Switzerland in connection with client engagements for audit, tax and other professional services and the administration of the client relationship. We also collect and receive personal information related to current, former, and prospective personnel in connection with personnel relationship and/or from other member firms of Crowe Global in connection with employment or internship opportunities. We may also collect personal information from individuals located in the European Union, United Kingdom and Switzerland who voluntarily provide such information through Crowe's Web sites in connection with events or media alerts. Please see the Privacy Statement on our external Web site at www.crowe.com/privacy-policy for more information regarding how we use information collected through our Web sites. In addition, we may collect personal information regarding third parties, such as service providers and contractors, and their personnel in connection with the management and administration of the business relationships with such third parties.

In some instances, we disclose personal information to third parties in the course of operating our business, including our provision of services to clients and our personnel and business relationships. Crowe is responsible for ascertaining that these third parties provide at least the same level of privacy protection as is required by the Data Privacy Framework. If we use a third party service provider, we will remain responsible for the provision of services (including those provided by our third-party service provider) and for the protection of your personal information. If a third party fails the required Data Privacy Framework privacy protections, we may be responsible for such third party’s acts if (i) the third party failed to meet its privacy protection obligations, and (ii) we were responsible for the event giving rise to the damage.

The Federal Trade Commission has jurisdiction over Crowe's compliance with the representations made in this notice and the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework. Crowe may be required to disclose personal information to law enforcement, regulatory or other government agencies, or other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.

Individuals have the right to access their personal information, and to correct, amend or delete such information where it is inaccurate or processed unlawfully, as described in the Data Privacy Framework Principles. To exercise these rights, please email us at [email protected]. We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents or service providers, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit to [email protected].

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Crowe commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Crowe at [email protected].

Crowe commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/eu-us-data-privacy-framework for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Finally, if your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For more information regarding your right to binding arbitration please see Annex I of the DPF.

This policy may be amended or modified from time to time consistent with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and Swiss-U.S. Data Privacy Frameworks. If there is any conflict between the terms in this Notice and the Data Privacy Framework Principles, the Data Privacy Framework Principles shall govern. To learn more about the Data Privacy Framework, please visit https://www.dataprivacyframework.gov/s/ To view Crowe’s certification, please visit https://www.dataprivacyframework.gov/s/participant-search.