CGI Federal Inc. (“CGI Federal”) and its subsidiaries (see definition below)(collectively “CGI Federal”) are transparent about how “Personal Data” (see definitions below) is collected, used, and disclosed when received in the United States (“US”) from individuals in the European Economic Area (“EEA”) and Switzerland. CGI Federal policy is based on the “Privacy Shield Principles” (as defined below). Information about the Privacy Shield can be found on the website at https://www.privacyshield.gov. CGI Federal also uses model contractual clauses and other mechanisms approved by the European Union (“EU”) and Switzerland for certain transfers of Personal Data to the US from the EEA and Switzerland.

Definitions

“European Economic Area” or “EEA” means the EU member states (i.e., Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom) as well as Norway, Liechtenstein, and Iceland.

“Personal Data” means any information relating to an individual located in the EEA or Switzerland that can be used to identify that individual either on its own or in combination with other readily available information.

“Privacy Shield Principles” collectively means the seven (7) privacy principles of: Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access and Recourse; Enforcement; and Liability, as well as, the supplemental privacy principles and the associated guidance, details of which can be found at https://www.privacyshield.gov.

“Sensitive Personal Data” means Personal Data regarding an individual’s: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; and physical, mental health, or sexual life.

“Subsidiaries” means: Stanley Inc.; Stanley Associates, Inc.; Oberon Associates, Inc.; and Government Secure Solutions CGI, Inc.

Collection and Use of Personal Data

When CGI Federal collects Personal Data directly from you, you will be informed regarding the purpose for which CGI Federal collects and uses the Personal Data and the third-parties to whom the Personal Data may be disclosed. CGI Federal also will provide you with the choice and option (if any) to limit disclosure of your Personal Data.

 

CGI Federal may collect Personal Data and/or Sensitive Personal Data that you voluntarily provide when:

  • You interact with CGI Federal on its website at https://www.cgi.com/us/en-us/federal. As you navigate through and interact with CGI Federal’s website, certain information about your device, browsing actions, and patterns (including how you interacted with certain features of the website and your IP address through the use of cookies and other data analytics technologies) will be collected. Cookies are identifiers that are transferred to your computer’s hard drive through your web browser to enable CGI Federal’s systems to recognize your browser. Data may be collected from your browser, such as your IP address, browser type, location, language, access time, and referring website addresses. Such data may be used to analyze trends, administer the website, track your movements around the website, and gather demographic data about the visitor base as a whole. The data gathered by these cookies is in the form of aggregated anonymous data.
  • You visit the website at http://www.ustraveldocs.com in order to apply on-line for a visa to visit the US and/or you create an account using the website at https://cgifederal.secure.force.com (CGI Federal provides services to US federal government, including managing a software interface for individuals in the EEA and Switzerland to apply for a visa to travel to the US). Specifically, CGI Federal may collect Personal Data when you register on this website, login to your account, complete an application, request information, or otherwise communicate with it. The Personal Data collected may vary depending on your interaction with this website and services requested and may include Sensitive Personal Data.
  • You provide CGI Federal with Personal Data for human resource (“HR”) purposes. CGI Federal will process Personal Data for HR purposes such as when you apply to work for CGI Federal or later become an employee. Specifically, CGI Federal may collect Personal Data to evaluate your qualifications for employment, manage the employment relationship (including for performance assessment purposes), and provide you with job benefits and services. CGI Federal also may process certain Sensitive Personal Data as part of the job application process or to provide certain employment benefits.

CGI Federal will only process your Personal Data and Sensitive Personal Data in ways that are compatible with the purpose for which it was collected or for purposes that you later authorize. Your Personal Data and Sensitive Personal Data will be kept for the time period necessary to serve the purpose for which it was collected.

Disclosure of Personal Data

Your Personal Data may be shared with third parties where necessary and appropriate for the original purpose for which it was collected (e.g., granting or denying a visa to travel to the US, considering your application for employment, etc.) and not for any other purpose.

Personal Data may be transferred to third parties that act as agents, consultants, and subcontractors to allow them to perform tasks on CGI Federal’s behalf as instructed. For example, Personal Data may be stored in facilities operated by third parties. These third parties must agree to use the Personal Data only for the purposes for which they have been engaged by CGI Federal. Where required by the Privacy Shield, CGI Federal will enter into written agreements with those third parties requiring that they provide the same level of protection as required by the Privacy Shield.

CGI Federal also may be required to disclose Personal Data in response to a lawful request, including to meet national security or law enforcement requirements. CGI Federal is liable for the appropriate onward transfer of Personal Data to third parties.

Security Measures to Protect Personal Data

CGI Federal maintains reasonable physical, technical, and administrative safeguards to help protect against the unauthorized access, use, and disclosure of Personal Data that you voluntarily provide in accordance with the Privacy Shield Principles. CGI Federal uses reasonable efforts to maintain the accuracy of such Personal Data and update it as appropriate.

Access, Review, and Correction

You have the right to access your Personal Data. Upon reasonable request and as required by the Privacy Shield Principles, individuals are allowed to access Personal Data held about you and you may request correction, amendment, or deletion of such Personal Data if it is inaccurate or processed in violation of the Privacy Shield. These rights may not apply in some cases, including, but not limited to, where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. These rights also may not apply if the data is collected in connection with a US federal government requirement that is exempt from the Privacy Shield frameworks. If you would like to request access to, correction, or deletion of your Personal Data, then you must submit a written request to the point of contact identified below and cooperate with information requests from CGI Federal to confirm your identity.

Questions or Complaints

CGI Federal commits to resolve complaints about your privacy and our collection of your Personal Data in compliance with the Privacy Shield Principles. Individuals based in the EEA or Switzerland can contact us with questions or concerns about their Personal Data at: Privacy@CGIFederal.com.

If your question or concern is not resolved, then the dispute will be referred to JAMS Mediation, Arbitration, and ADR Services for resolution. As a last resort and in certain limited situations, individuals in the EU may seek redress from the Privacy Shield Panel, which is a binding arbitration mechanism.

CGI Federal commits to cooperate with EU data protection authorities and comply with the advice given by such authorities with regard to HR data transferred from the EU in the context of the employment relationship.

Changes

CGI Federal reserves the right to make changes to this Policy from time to time consistent with the Privacy Shield’s requirements.

Contact Us

If you have any questions about this Policy or would like to request access to your Personal Data, please contact us at: Privacy@CGIFederal.com.