Effective Date: 1/1/2017
This privacy statement describes how Cornerstone Information Systems, Inc. (“Cornerstone Information Systems”) collects and uses the personal information you provide on our Web site: https://www.iqcx.com, https://apps.ciswired.com and https://www.ciswired.com and our Service. The use of information collected through our service shall be limited to the purpose of providing the service for which the Client has engaged Cornerstone Information Systems. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.
EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Cornerstone Information Systems participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Cornerstone Information Systems is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.
Cornerstone Information Systems is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Cornerstone Information Systems complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Cornerstone Information Systems is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Cornerstone Information Systems may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Information Collection and Use
The kinds of information we may collect includes full name, email, PNR information, flight record information, traveler profile information like addresses, credit card information.
In addition we collect and store on behalf of our clients some system administration contact information. Typically this involves our client’s employee’s contact information such as email address to notify users of pending trip approvals or service notifications.
Cornerstone Information Systems reserves the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Web Site.
In the event Cornerstone Information Systems, Inc. goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personally identifiable information will likely be among the assets transferred. You will be notified via email of any such change in ownership or control of your personal information.
Children’s Personal Information
Cornerstone Information Systems offers business related services and does not offer areas specifically designed for children.
As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
We do not share, sell, or rent user’s personally identifiable information to 3rd parties in ways other than disclosed in this privacy statement.
We will share aggregated demographic information with our business partners. This is not linked to any personal information that can identify any individual person, nor is it linked to any client proprietary information. We partner with another party to provide specific services. When the user signs up for these services, we will share names, or other contact information that is necessary for the third party to provide these services. These parties are not allowed to use personally identifiable information except for the purpose of providing these services.
An example of the sharing of data would be that one of our customers has requested in writing that Cornerstone provide travel data to a supplier of the customers’ choosing, such as an emergency medical team for travelers at risk. Travel data transferred to the emergency medical team may include contact information.
This web site contains links to other sites. Please be aware that Cornerstone Information Systems is not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies solely to information collected by this web site.
This website takes every precaution to protect our users’ information. When our customers handle sensitive information via the website, information is protected both online and off-line.
Occasionally we have forms for sensitive information (such as credit card number and/or social security number). That information is encrypted and is protected with the best encryption software in the industry – SSL. While on a secure page, such as our order form, the lock icon on the bottom of Web browsers such as Netscape Navigator and Microsoft Internet Explorer becomes locked, as opposed to un-locked, or open, when you are just ‘surfing’. To learn more about SSL, follow this link https://www.microsoft.com.
While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user-information off-line. All of our users’ information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job are granted access to personally identifiable information.
Our employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to your information.
Furthermore, ALL employees are kept up-to-date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our customers’ information is protected.
Finally, the servers that we store personally identifiable information on are kept in a secure environment and located in rooms that require security card access readers and cameras. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Web site, you can contact us at firstname.lastname@example.org.
Supplementation of Information
In order for this website to properly fulfill its obligation to our clients, it is necessary for us to supplement the information we receive with information from 3rd party sources. As indicated above we collect some information from travel industry databases. This information is tied to an identifier that our clients use to run reports and analyze the data. It is possible for our clients to then also be able to append more of their own data to it.
Site and Service Updates
From time to time we send clients site and service announcement updates. These announcements contain important information about the service, therefore are required as part of the service. Generally, you may not opt-out of these required communications as they are necessary to receive the service. If you wish to stop receiving these communications, please see the “Choice/Opt-out” section below for instruction. We communicate with the user to provide requested services and in regards to issues relating to their account via email or phone.
Correction/Updating Personal Information
Upon request Cornerstone Information Systems will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. If a client’s personally identifiable information changes (such as your zip code) we provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the system administration information page or by emailing our Customer Support. We will respond to your request within a reasonable timeframe.
Cornerstone Information Systems acknowledges that you have the right to access your personal information. Cornerstone Information Systems has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Cornerstone Information Systems’s Client (the data controller). If requested to remove data we will respond within a reasonable timeframe. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly. We handle client data as a data processor. Consequently, access requirements are handled by them, though we will cooperate with any requests made by our data controller clients having to do with their end users. The data controller clients can expect a response to their request with 10-20 business days.
We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Clients.
We will retain your information and information we process on behalf of our Clients for as long as your account is active or as needed to provide you services or to our Clients. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
We handle client data as a data processor. Consequently, choice requirements are handled by the administrator assigned by the client. If you wish to stop receiving site and service announcements or trip notifications, please contact your system administrator.
Notification of Changes
Enforcement of this Privacy Statement
If you have questions regarding this statement, you should contact Cornerstone Information Systems at: email@example.com. You may also contact Cornerstone Information Systems by telephone (812-330-4361) or postal mail. Please mail correspondence to:
Cornerstone Information Systems
300 W. Sixth Street
Bloomington, IN 47404