Introduction
“Citrin Cooperman” is the brand under which Citrin Cooperman & Company, LLP, a licensed independent CPA firm, and Citrin Cooperman Advisors LLC serve clients’ business needs. The two firms operate as separate legal entities in an alternative practice structure. Citrin Cooperman is an independent member of Moore North America, which is itself a regional member of Moore Global Network Limited (MGNL).
This Privacy Notice describes how Citrin Cooperman and its subsidiary entities collect, use, share, sell, disclose, retain, dispose of, and protect Personal Data, as defined by applicable privacy legislation, also referred to as “Personal Data,” when you interact with us as a subscriber, client, prospective client, office visitor, website user, job applicant, employee, contractor, supplier, event attendee, or any other relevant individual, and describes the choices you have relating to your Personal Data and how to exercise such rights.
Applicability
This Privacy Notice applies to any Personal Data you provide to Citrin Cooperman and any Personal Data we collect during your employment, when you apply to a job posting, contact us, visit, or use our website, “www.citrincooperman.com” and all websites linked to this website, when you visit a Citrin Cooperman office, attend a Citrin Cooperman event or seminar, or request a service from us. The Personal Data we collect varies depending on the nature of the services we provide and how you interact with us. To use this site, you do not need to send us any Personal Data.
For purposes of this Privacy Notice, “Personal Information”, also referred to as “Personal Data”, means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly, or indirectly, with a particular consumer, identified individual or household, or any similar term defined in and governed by Applicable Data Protection Laws.
Additionally, “Sensitive Personal Information”, also referred to as “Sensitive Personal Data”, or "Special Categories of Data" is a subset of Personal Data that requires heightened protection. Examples include and are not limited to Information on Children, Background Check Information, Financial Detail Information, Employment Information such as citizenship, Personal Data such as gender, ethnicity, emails or post mail, racial origin, race, political affiliations, religious affiliation or beliefs, call recordings, Government Identifiers such as SSN, Personal Health Information, Contact Information such as physical address or Browsing Information such as precise geolocation (able to identify the location of an individual within 1,850 ft).
At Citrin Cooperman, we value your privacy and are committed to safeguarding your information as part of our ongoing dedication to providing a secure and transparent experience for our users. As a result, we are committed to keeping our Privacy Notice up to date, reflecting any changes in our Personal Data practices or the adoption of new privacy policies. Should you have any questions or concerns about our Privacy Notice or how we process your Personal Data, please do not hesitate to reach out to us.
Your Personal Data
At Citrin Cooperman, we offer a wide range of Assurance, Tax, and Advisory services to meet the business and personal needs of our clients. Given the diversity of our Service offerings, we process broad categories of Personal Data, including Special Categories of Data, Sensitive Personal Information, or Sensitive Data. We use your Personal Data for lawful business purposes, including (i) using only Special Categories of Data, Sensitive Personal Information, or Sensitive Data provided by you with your consent, (ii) performance of a contract, and/or (iii) complying with legal and regulatory obligations.
We also collect and use your Personal Data when you apply for a job to assess your suitability for job opportunities and provide you with personalized experiences. Additionally, we collect and use your Personal Data as an employee to manage the employment relationship, communicate with you, improve the workplace and our services, protect the health and safety of our employees, and comply with legal and regulatory requirements.
We process your Personal Data for the following purposes:
- To provide products and services to you
- To comply with legal/regulatory requirements
- To operate and improve our business
- To manage our workforce and provide them with employment, training, compensation, or benefits
- For marketing and advertising purposes
- To improve the security and performance of our website, network, systems and services
- To protect against fraud and abuse
- To protect the safety and security of our employees and clients
- To communicate with you about our products and services
- To operate and understand your use of our website
You may have executed a contract, such as a Master Services Agreement (MSA), Statement of Work (SoW), Engagement Letter or other Agreement, that governs the relationship between you and Citrin Cooperman and the services we provide to you. If there is any conflict between the terms of your agreement with Citrin Cooperman and the terms of this Privacy Notice, the terms of your agreement will prevail.
Type of Personal Data We Collect
We may collect and process the following types of Personal Data:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Browsing and Device Information
Like many companies, your visit to our website triggers automatic collection of cookies and other tracking technologies. We and third parties, including our third-party service providers may automatically collect certain details about your device and browsing, like IP address, browser type, and page views through the use of cookies and other tracking tools like analytics and pixels. This information may be used to understand your interests and needs, improve the performance of our marketing campaigns, improve the performance of our website, personalize the content and advertising that we show to you, prevent fraud and abuse, comply with legal requirements, or improve the security of our website, systems, and services. If you no longer wish to receive promotional communications from us, you may at any time request that we discontinue sending you such materials by contacting us using this link.
Please visit our Cookies and Other Tracking Technologies Notice for more information.
Children’s Data
Our services are not directed at Children, and we do not knowingly collect any Personal Data from Children under the age of 16 without prior verifiable parental consent.
Certain Citrin Cooperman services, may process Personal Data related to Children, such as their date of birth, address, or other identifiable information to fulfill our service obligations to you. This Personal Data is not collected directly from Children, but from other parties such as your representative, or directly from you as the parent or guardian of the Child (e.g., so that the Child may be named a beneficiary to an insurance policy or pension plan).
If Citrin Cooperman learns that a Child under the age of 16 has submitted Personal Data without parental consent, we will take all reasonable measures to delete the data as soon as possible and to not use such data for any purpose, except where necessary to protect the safety of the Child or others as required or allowed by law. If you believe a Child under the age of 16 has provided us with Personal Data, please contact us at privacy@citrincooperman.com or use the mailing address below.
Categories of Third Parties to Whom Personal Data Is Potentially Disclosed
We may need to disclose your Personal Data in certain circumstances as outlined below to carry out our business. We take your privacy seriously and will only disclose your Personal Data when it is necessary to do so. Furthermore, we have put safeguards in place to protect your Personal Data and will only disclose it to third parties who have agreed to protect it as well.
- Third-party suppliers, service providers, affiliates, and business partners: Citrin Cooperman may disclose Personal Data to third-party suppliers, service providers, affiliates, and business partners to assist us in meeting business operation needs and to deliver our services and functions.
- Vendors: Citrin Cooperman may disclose Personal Data to vendors who provide services to the firm, such as information technology services, cloud computing services, and data storage services. This is done to allow these vendors to perform their services effectively and efficiently.
- Investors: Citrin Cooperman may disclose Personal Data to investors to provide them with information about the firm's financial performance and operations. This disclosure is necessary for investors to make informed investment decisions.
- Regulators: Citrin Cooperman may disclose Personal Data to regulators to comply with legal and regulatory requirements. For example, Citrin Cooperman may be required to disclose Personal Data to the Securities and Exchange Commission in connection with an audit of a public company.
- Law enforcement: Citrin Cooperman may disclose Personal Data to law enforcement agencies if required to do so by law. For example, Citrin Cooperman may be required to disclose Personal Data to the Federal Bureau of Investigation in connection with an investigation of a financial crime.
Third-Party Links and Services
This site and all websites linked to the website contain third-party links that can be used to access certain services provided by third parties. This Privacy Notice does not address data collection or processing by any of those parties.
Do Not Track/Global Privacy Control (GPC)
Track (“DNT”) or “Global Privacy Control” is a preference setting offered by various internet browsers, whereby a signal is automatically sent by the browser to each website visited requesting that the user’s activities are not tracked by that website and that the website does not enable onward tracking to other websites. You can usually access your browser’s DNT option in your browser’s preferences. If that occurs, the website visited will not recognize you upon return to that website or save your passwords or usernames, and some other features of a website may become unavailable or not function properly.
Lawful Basis for Processing Your Personal Data
We rely on the following legal basis to collect and use your Personal Data:
- Consent: We may ask for your permission to use your Personal Data, such as if we need your permission to process sensitive information about you or engage in certain marketing activities. If we obtain your consent as a legal basis for processing your data, you can revoke your consent at any time.
- Contract: Where we offer services or enter into a contract with you to provide services, we will collect and use your Personal Data where necessary to enable us to take steps to offer you the services, process your acceptance of the offer and fulfil our obligations in the contract with you.
- Legal obligation: We may need to use your Personal Data to comply with applicable legal requirements.
- Vital interest: We may need to use your Personal Data to protect your life or in the event of a medical emergency.
- Legitimate interest: We have a legitimate business interest in using your Personal Data to operate, improve, and market our business, websites, and services.
International Transfers of Your Personal Data
We may need to transfer your Personal Data to countries other than the country in which the data was originally collected for the purposes described in this Privacy Notice. When we do, if the applicable law requires, we use a variety of legal mechanisms to help ensure your rights and protections travel with your data, such as:
- Internal Data Transfer Agreements: We ensure transfers between Citrin Cooperman entities are covered by agreements that incorporate prescribed contractual wording, such as the EU Commissioner’s Standard Contractual Clauses (SCCs), which contractually oblige each party to ensure that Personal Data receives an adequate and consistent level of protection.
- Contracts (Master Service Agreements [MSAs (Master Service Agreement)], Engagement Letters, Statement of Work [SoW]): Where we transfer to or receive your Personal Data from third parties who help provide our products and services, we obtain contractual commitments from them to protect your Personal Data, which incorporate standard contract clauses (where required/applicable).
Mergers and Acquisitions
In the event Citrin Cooperman goes through a business transition, such as a merger, or the acquisition or sale of all or a portion of its assets, your Personal Data may be among the assets transferred.
How We Protect and Store Your Personal Data
Citrin Cooperman takes the protection of Personal Data very seriously and has in place several safeguards to protect the confidentiality and security of Personal Data. These safeguards include:
- System-level restrictions for access to programs and data, such as appropriate password safeguards and secure sign-on mechanisms, such as dual authentication, are in place.
- Restricted access to programs and data safeguards, such as user provisioning, deprovisioning, and recertification controls, are in place.
- Role-based access to programs and data safeguards, including Privileged User Access controls, are in place.
- Data minimization safeguards, including limiting access to Personal Data to authorized individuals are in place.
- Data quality safeguards are in place to ensure the integrity of data, prevent errors, and improve the efficiency of data processing.
- Encryption safeguards are in place to protect data in transit and at rest.
- Logging and monitoring controls are in place to protect the integrity of Personal Data.
Citrin Cooperman also has several policies and procedures in place to govern the collection, use, share, sale, disclose, retention and disposal of Personal Data. These policies and procedures are designed to ensure that Personal Data is collected, used, and disclosed in a lawful, fair, and transparent manner. How long we retain your Personal Data depends on the purposes for which it was obtained and its nature. We will keep your Personal Data for the period necessary to fulfil the purposes described in this Notice unless a longer retention period is permitted or required by law and in accordance with the Citrin Cooperman Record Retention Policy.
Retention
How long we retain your Personal Data depends on the purpose for which it was obtained and its nature. This includes providing you with a service you have requested from us or to comply with applicable legal requirements, including complying with the law, retaining records, resolving disputes, and enforcing our agreements. This storage period may extend beyond the term of your relationship with us. We will keep your Personal Data for the period necessary to fulfil the purposes described in this Notice unless a longer retention period is permitted or required by law and in accordance with the Citrin Cooperman Record Retention Policy.
Your Data Protection Rights
You may have certain rights over your Personal Data that enable you to control the use of any Personal Data about you that we collect and use.
- Right to Access. You may have the right under certain circumstances to request and receive a copy of your Personal Data, upon verifiable request.
- Right to Data Portability. You may have the right under certain circumstances to request that your Personal Data be provided to you and/or transferred to a third party. To the extent it is technically feasible, we can provide your Personal Data in a structured, commonly used, machine-readable format, upon verifiable request. Note that this right only applies to automated information that you initially provided for our use or to perform a contract with you.
- Right to Recertification (Correction). You may have the right to request corrections of your Personal Data, upon verifiable request where it is inaccurate or out of date.
- Right to Be Forgotten (Right to Erasure). You may have the right under certain circumstances to have your Personal Data erased. You can request we delete Personal Data where you do not believe there is reason for us continuing to process it, or where you believe we collected or are using it unlawfully, where erasure is required by law or where you have opted-out of our processing, upon verifiable request. In certain cases, we may not be able to comply fully or at all with your correction request for legal reasons, and to the extent we are permitted to, we will notify you of the reasons.
- Right to Opt Out of Sale/Sharing of Personal Data for Purposes of Targeted Advertising. You may have the right to opt out of Sale/Share, including Targeted Advertising by clicking Opt-out of Sale/Sharing of My Personal Information (including for Targeted Advertising). Please see our Cookies and Other Tracking Technologies Notice to better understand our use of cookies, as well as your rights involving cookies and other areas of automated collection.
- Right to Object to Direct Marketing. You have the right to object to the use of your Personal Data for direct marketing at any time. If you wish to modify your preferences in respect to marketing updates or notifications, or the mailing lists to which you subscribe, you can modify your preferences using this link. All commercial and marketing communications (e.g., notification emails and newsletters) include instructions for opting out of those communications.
- Right to Withdraw Consent. You have the right under certain circumstances, such as where we rely on your consent to process your Personal Data, to withdraw your consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to continue to provide certain products or services to you. We will advise you if this is the case when you withdraw your consent.
Depending on your residency, you may be entitled to additional data rights. Please see Jurisdictional/Territorial Privacy Notices for a further understanding of your rights.
In certain cases, such as for legal reasons, we may not be able to comply fully or at all with your correction request, and to the extent we are permitted to, we will notify you of the reasons. You are not required to pay any charge for exercising your rights. To the extent any of the above rights are applicable and you would like to exercise your rights, please leverage our Data Subject Access Request Form, or contact us by email at privacy@citrincooperman.com, or by phone at (888) 450-2221.
Exercising Your Data Protection Rights
Only you, or someone you have legally authorized to act on your behalf, can make a verifiable consumer request related to your Personal Data. You can also make a verifiable consumer request on behalf of your minor child. If you are making a request on behalf of someone else, we may ask for additional information to protect their Personal Data, such as proof that you are authorized to make the request. We will only use personal data provided in a verifiable consumer request to verify the requestors’ identity or authority to make the request.
We cannot respond to your request, except for requests to Opt-out of Sale/Sharing of My Personal Data (including for Targeted Advertising or provide you with your Personal Data if we cannot verify your identity or authority to make the request, or if we cannot confirm that the Personal Data relates to you or your minor child. We may also be unable to comply with your request if we have a legal or regulatory obligation to keep your Personal Data, such as when the Personal Data is necessary to complete a transaction. Other reasons your request may be denied are if it jeopardizes the privacy of others or would be extremely impractical to honor.
Your request must:
- Provide enough information so that we can reasonably verify that you are the person whose Personal Data we collected or received from an authorized representative.
- Describe your request in enough detail so that we can understand, evaluate, and respond to it.
To the extent any of the above rights are applicable and you would like to exercise your rights, please leverage our Data Subject Access Request Form, by email at privacy@citrincooperman.com, or by phone at (888) 450-2221. You are not required to pay any charge for exercising your rights.
Accessible Format
This Privacy Notice is available to individuals with disabilities. To access this Privacy Notice in an alternative downloaded format, please click here.
Changes to This Notice
We may update this Statement occasionally. When we do, we will post the current version on this site, and we will revise the version date located at the top of this page. We encourage you to periodically review this Notice so that you will be aware of our privacy practices.
get in touch
Our Contact Details
If you have any questions about our privacy practices, how we use your Personal Data, your choices, and rights, or would like to exercise your rights, please contact us.
citrin cooperman
Attn: Privacy Office
50 Rockefeller Plaza
New York, New York 10020, USA
Toll free telephone:
888-450-2221
Email:
privacy@citrincooperman.com