CGI Federal Inc. (“CGI Federal”) and its subsidiaries (see definition below)(collectively “CGI Federal”) are transparent about how “Personal Data” (see definitions below) is collected, used, and disclosed when received in the United States (“US”) from individuals in the European Economic Area (“EEA”) and Switzerland. CGI Federal policy is based on the “Privacy Shield Principles” (as defined below). Information about the Privacy Shield can be found on the website at https://www.privacyshield.gov. CGI Federal also uses model contractual clauses and other mechanisms approved by the European Union (“EU”) and Switzerland for certain transfers of Personal Data to the US from the EEA and Switzerland.
“European Economic Area” or “EEA” means the EU member states (i.e., Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom) as well as Norway, Liechtenstein, and Iceland.
“Personal Data” means any information relating to an individual located in the EEA or Switzerland that can be used to identify that individual either on its own or in combination with other readily available information.
“Privacy Shield Principles” collectively means the seven (7) privacy principles of: Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity and Purpose Limitation; Access and Recourse; Enforcement; and Liability, as well as, the supplemental privacy principles and the associated guidance, details of which can be found at https://www.privacyshield.gov.
“Sensitive Personal Data” means Personal Data regarding an individual’s: racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; and physical, mental health, or sexual life.
“Subsidiaries” means: Stanley Inc.; Stanley Associates, Inc.; Oberon Associates, Inc.; and Government Secure Solutions CGI, Inc.
Collection and Use of Personal Data
When CGI Federal collects Personal Data directly from you, you will be informed regarding the purpose for which CGI Federal collects and uses the Personal Data and the third-parties to whom the Personal Data may be disclosed. CGI Federal also will provide you with the choice and option (if any) to limit disclosure of your Personal Data.
CGI Federal may collect Personal Data and/or Sensitive Personal Data that you voluntarily provide when:
CGI Federal will only process your Personal Data and Sensitive Personal Data in ways that are compatible with the purpose for which it was collected or for purposes that you later authorize. Your Personal Data and Sensitive Personal Data will be kept for the time period necessary to serve the purpose for which it was collected.
Disclosure of Personal Data
Your Personal Data may be shared with third parties where necessary and appropriate for the original purpose for which it was collected (e.g., granting or denying a visa to travel to the US, considering your application for employment, etc.) and not for any other purpose.
Personal Data may be transferred to third parties that act as agents, consultants, and subcontractors to allow them to perform tasks on CGI Federal’s behalf as instructed. For example, Personal Data may be stored in facilities operated by third parties. These third parties must agree to use the Personal Data only for the purposes for which they have been engaged by CGI Federal. Where required by the Privacy Shield, CGI Federal will enter into written agreements with those third parties requiring that they provide the same level of protection as required by the Privacy Shield.
CGI Federal also may be required to disclose Personal Data in response to a lawful request, including to meet national security or law enforcement requirements. CGI Federal is liable for the appropriate onward transfer of Personal Data to third parties.
Security Measures to Protect Personal Data
CGI Federal maintains reasonable physical, technical, and administrative safeguards to help protect against the unauthorized access, use, and disclosure of Personal Data that you voluntarily provide in accordance with the Privacy Shield Principles. CGI Federal uses reasonable efforts to maintain the accuracy of such Personal Data and update it as appropriate.
Access, Review, and Correction
You have the right to access your Personal Data. Upon reasonable request and as required by the Privacy Shield Principles, individuals are allowed to access Personal Data held about you and you may request correction, amendment, or deletion of such Personal Data if it is inaccurate or processed in violation of the Privacy Shield. These rights may not apply in some cases, including, but not limited to, where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. These rights also may not apply if the data is collected in connection with a US federal government requirement that is exempt from the Privacy Shield frameworks. If you would like to request access to, correction, or deletion of your Personal Data, then you must submit a written request to the point of contact identified below and cooperate with information requests from CGI Federal to confirm your identity.
Questions or Complaints
CGI Federal commits to resolve complaints about your privacy and our collection of your Personal Data in compliance with the Privacy Shield Principles. Individuals based in the EEA or Switzerland can contact us with questions or concerns about their Personal Data at: Privacy@CGIFederal.com.
If your question or concern is not resolved, then the dispute will be referred to JAMS Mediation, Arbitration, and ADR Services for resolution. As a last resort and in certain limited situations, individuals in the EU may seek redress from the Privacy Shield Panel, which is a binding arbitration mechanism.
CGI Federal commits to cooperate with EU data protection authorities and comply with the advice given by such authorities with regard to HR data transferred from the EU in the context of the employment relationship.
CGI Federal reserves the right to make changes to this Policy from time to time consistent with the Privacy Shield’s requirements.
If you have any questions about this Policy or would like to request access to your Personal Data, please contact us at: Privacy@CGIFederal.com.