Introduction
“Citrin Cooperman” is the brand under which Citrin Cooperman & Company, LLP, a licensed independent CPA firm, and Citrin Cooperman Advisors LLC serve clients’ business needs. The two firms operate as separate legal entities in an alternative practice structure. Citrin Cooperman is an independent member of Moore North America, which is itself a regional member of Moore Global Network Limited (MGNL).
This Privacy Notice describes how Citrin Cooperman and its subsidiary entities collect, use, share, sell, disclose, retain, dispose of, and protect Personal Data when you interact with us as a subscriber, client, prospective client, office visitor, website user, job applicant, employee, contractor, supplier, event attendee, or any other relevant individual, and describes the choices you have relating to your Personal Data and how to exercise such rights.
Applicability
This Privacy Notice supplements the Citrin Cooperman Privacy Notice and addresses specific disclosures required under the European Union General Data Protection Regulation (“EU GDPR”) and the United Kingdom’s Data Protection Act (“UK GDPR”). If you are a California resident, please see our California Privacy Notice.
This Privacy Notice applies to any Personal Data you provide to Citrin Cooperman and any Personal Data we collect during your employment, when you apply to a job posting, contact us, visit, or use our website, “www.citrincooperman.com” and all websites linked to this website, when you visit a Citrin Cooperman office, attend a Citrin Cooperman event or seminar, or request a service from us. The Personal Data we collect varies depending on the nature of the services we provide and how you interact with us. To use this site, you do not need to send us any Personal Data.
In this Privacy Notice, “Personal Data” means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
At Citrin Cooperman, we value your privacy and are committed to safeguarding your information as part of our ongoing dedication to providing a secure and transparent experience for our users. As a result, we are committed to keeping our Privacy Notice up to date, reflecting any changes in our Personal Data practices or the adoption of new privacy policies. Should you have any questions or concerns about our Privacy Notice or how we process your Personal Data, please do not hesitate to reach out to us.
Your Personal Data
At Citrin Cooperman, we offer a wide range of Assurance, Tax, and Advisory services to meet the business and personal needs of our clients. Given the diversity of our Service offerings, we process broad categories of Personal Data, including Special Categories of Data. We use your Personal Data for lawful business purposes, including (i) using only Special Categories of Data provided by you with your consent, (ii) performance of a contract, and/or (iii) complying with legal and regulatory obligations.
We also collect and use your Personal Data when you apply for a job to assess your suitability for job opportunities and provide you with personalized experiences. Additionally, we collect and use your Personal Data as an employee to manage the employment relationship, communicate with you, improve the workplace and our services, protect the health and safety of our employees, and comply with legal and regulatory requirements.
We process your Personal Data for the following purposes:
- To provide products and services to you
- To comply with legal/regulatory requirements
- To operate and improve our business
- To manage our workforce and provide them with employment, training, compensation, or benefits
- For marketing and advertising purposes
- To improve the security and performance of our website, network, systems and services
- To protect against fraud and abuse
- To protect the safety and security of our employees and clients
- To communicate with you about our products and services
- To operate and understand your use of our website
You may have executed a contract, such as a Master Services Agreement (MSA), Statement of Work (SoW), Engagement Letter or other Agreement, that governs the relationship between you and Citrin Cooperman and the services we provide to you. If there is any conflict between the terms of your agreement with Citrin Cooperman and the terms of this Privacy Notice, the terms of your agreement will prevail.
Type of Personal Data We Collect
We may collect and process the following information:
|
||||||||||||||||||||||||||||||||||||||||||||||||
|
Browsing and Device Information
Like many companies, your visit to our website triggers automatic collection of cookies and other tracking technologies. We and third parties, including our third-party service providers may automatically collect certain details about your device and browsing, like IP address, browser type, and page views through the use of cookies and other tracking tools like analytics and pixels. This information may be used to understand your interests and needs, improve the performance of our marketing campaigns, improve the performance of our website, personalize the content and advertising that we show to you, prevent fraud and abuse, comply with legal requirements, or improve the security of our website, systems, and services. If you no longer wish to receive promotional communications from us, you may at any time request that we discontinue sending you such materials by contacting us using this link.
Please visit our Cookies and Other Tracking Technologies Notice for more information.
Children’s Data
Our services are not directed at Children, and we do not knowingly collect any Personal Data from Children under the age of 16 without prior verifiable parental consent.
Certain Citrin Cooperman services, may process Personal Data related to Children, such as their date of birth, address, or other identifiable information to fulfill our service obligations to you. This Personal Data is not collected directly from Children, but from other parties such as your representative, or directly from you as the parent or guardian of the Child (e.g., so that the Child may be named a beneficiary to an insurance policy or pension plan).
If Citrin Cooperman learns that a Child under the age of 16 has submitted Personal Data without parental consent, we will take all reasonable measures to delete the data as soon as possible and to not use such data for any purpose, except where necessary to protect the safety of the Child or others as required or allowed by law. If you believe a Child under the age of 16 has provided us with Personal Data, please contact us at privacy@citrincooperman.com or use the mailing address below.
Categories of Third Parties with Whom Personal Data Is Potentially Disclosed
We may need to disclose your Personal Data in certain circumstances as outlined below to carry out our business. We take your privacy seriously and will only disclose your Personal Data when it is necessary to do so. Furthermore, we have put in place safeguards to protect your Personal Data and will only disclose it to third parties who have agreed to protect it as well.
- Third-party suppliers, service providers, affiliates, and business partners: Citrin Cooperman may disclose Personal Data to third-party suppliers, service providers, affiliates, and business partners to assist us in meeting business operations needs and to deliver our services and functions.
- Vendors: Citrin Cooperman may disclose Personal Data to vendors who provide services to the firm, such as information technology services, cloud computing services, and data storage services. This is done to allow these vendors to perform their services effectively and efficiently.
- Investors: Citrin Cooperman may disclose Personal Data to investors to provide them with information about the firm's financial performance and operations. This disclosure is necessary for investors to make informed investment decisions.
- Regulators: Citrin Cooperman may disclose Personal Data to regulators to comply with legal and regulatory requirements. For example, Citrin Cooperman may be required to disclose Personal Data to the Securities and Exchange Commission in connection with an audit of a public company.
- Law enforcement: Citrin Cooperman may disclose Personal Data to law enforcement agencies if required to do so by law. For example, Citrin Cooperman may be required to disclose Personal Data to the Federal Bureau of Investigation in connection with an investigation of a financial crime.
Third-Party Links and Services
This site and all websites linked to the website contain third party links that can be used to access certain services provided by third parties. This Privacy Notice does not address data collection or processing by any of those parties.
Lawful Basis for Processing Your Personal Data
We rely on the following legal basis to collect and use your Personal Data:
- Consent: We may ask for your permission to use your Personal Data, such as if we need your permission to process sensitive information about you or engage in certain marketing activities. If we obtain your consent as a legal basis for processing your data, you can revoke your consent at any time.
- Contract: Where we offer services or enter into a contract with you to provide services, we will collect and use your Personal Data where necessary to enable us to take steps to offer you the services, process your acceptance of the offer and fulfil our obligations in the contract with you.
- Legal obligation: We may need to use your Personal Data to comply with applicable legal requirements.
- Vital interest: We may need to use your Personal Data to protect your life or in the event of a medical emergency.
- Legitimate interest: We have a legitimate business interest in using your Personal Data to operate, improve, and market our business, websites, and services.
International Transfers of Your Personal Data
We may need to transfer your Personal Data to countries other than the country in which the data was originally collected for the purposes described in this Privacy Notice. When we do, if the applicable law requires, we use a variety of legal mechanisms to help ensure your rights and protections travel with your data, such as:
- Internal Data Transfer Agreements: We ensure transfers between Citrin Cooperman entities are covered by agreements that incorporate prescribed contractual wording, such as the EU Commissioner’s Standard Contractual Clauses (SCCs), which contractually oblige each party to ensure that Personal Data receives an adequate and consistent level of protection.
- Contracts (Master Service Agreements [MSAs (Master Service Agreement)], Engagement Letters, Statement of Work [SoW]): Where we transfer to or receive your Personal Data from third parties who help provide our products and services, we obtain contractual commitments from them to protect your Personal Data, which incorporate standard contract clauses (where required/applicable).
How We Protect and Store Your Personal Data
Citrin Cooperman takes the protection of Personal Data very seriously and has in place several safeguards to protect the confidentiality and security of Personal Data. These safeguards include:
- System-level restrictions for access to programs and data, such as appropriate password safeguards and secure sign-on mechanisms, such as dual authentication, are in place.
- Restricted access to programs and data safeguards, such as user provisioning, deprovisioning, and recertification controls, are in place.
- Role-based access to programs and data safeguards, including Privileged User Access controls, are in place.
- Data minimization safeguards, including limiting access to Personal Data to authorized individuals are in place.
- Data quality safeguards are in place to ensure the integrity of data, prevent errors, and improve the efficiency of data processing.
- Encryption safeguards are in place to protect data in transit and at rest.
- Logging and monitoring controls are in place to protect the integrity of Personal Data.
Citrin Cooperman also has several policies and procedures in place to govern the collection, use, share, sale, disclose, retention and disposal of Personal Data. These policies and procedures are designed to ensure that Personal Data is collected, used, and disclosed in a lawful, fair, and transparent manner. How long we retain your Personal Data depends on the purposes for which it was obtained and its nature. We will keep your Personal Data for the period necessary to fulfil the purposes described in this Notice unless a longer retention period is permitted or required by law and in accordance with the Citrin Cooperman Record Retention Policy.
Retention
How long we retain your Personal Data depends on the purpose for which it was obtained and its nature. This includes providing you with a service you have requested from us or to comply with applicable legal requirements, including complying with the law, retaining records, resolving disputes, and enforcing our agreements. This storage period may extend beyond the term of your relationship with us. We will keep your Personal Data for the period necessary to fulfil the purposes described in this Notice unless a longer retention period is permitted or required by law and in accordance with the Citrin Cooperman Record Retention Policy.
Data Subject |
Retention |
Client Representative |
Personal data will be retained in the Citrin Cooperman’s CRM for as long as we have, or need to keep a record of, a relationship with a business contact. Personal data may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and to establish, exercise or defend our legal rights. |
Clients |
We retain the personal data processed by us in accordance with the terms of our client agreements. We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected. Personal data may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and to establish, exercise or defend our legal rights. |
Contractors |
Personal data will be retained about our contacts at our contractors, for as long as it is necessary for the purposes set out above (e.g., for as long as we have, or need to keep a record of, a relationship with a contact, which is for the duration of our relationship with a contact or their organization). Personal data may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and to establish, exercise or defend our legal rights. |
Corporate (Prospective Corporate Acquisition) |
We retain the Personal data processed by us in accordance with the terms of our Corporate agreements. |
Employees |
We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected. Personal data may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and to establish, exercise or defend our legal rights. |
Event Attendees |
We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected. Personal data may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and to establish, exercise or defend our legal rights. |
Job Applicants |
We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected. Personal data may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and to establish, exercise or defend our legal rights. |
Office Visitors |
We retain the personal data processed by us for as long as is considered necessary for the purpose(s) for which it was collected. Personal data may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and to establish, exercise or defend our legal rights. |
Prospective Clients |
Personal data will be retained in the Citrin Cooperman’s CRM for as long as we have, or need to keep a record of, a relationship with a business contact. Personal data may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and to establish, exercise or defend our legal rights. |
Subscribers |
Personal data will be retained in the Citrin Cooperman’s CRM for as long as we have, or need to keep a record of, a relationship with a business contact. Personal data may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and to establish, exercise or defend our legal rights. |
Third Parties |
Personal data will be retained about our contacts at our suppliers for as long as it is necessary for the purposes set out adjacent (e.g., for as long as we have, or need to keep a record of, a relationship with a contact, which is for the duration of our relationship with a contact or their organization). Personal data may be held for longer periods where extended retention periods are required by law, regulation, or professional standards and to establish, exercise or defend our legal rights. |
Website Users |
We will retain the personal data collected by us through the Site for as long as is necessary for the purpose(s) for which it was collected as set out above, provided that personal data may be held for longer periods where extended retention periods are required by law, regulation, or professional standards, and in order to establish, exercise or defend our legal rights. |
Your Data Protection Rights
As an EU/UK resident, you have specific rights under the GDPR or the UK equivalent ("UK GDPR") to control your Personal Data including:
- Right to Access. You have the right under certain circumstances to request and receive a copy of the Personal Data we hold about you.
- Right to Correction. You may have the right to request us to correct your Personal Data where it is inaccurate or out of date.
- Right to Be Forgotten (Right to Erasure). You have the right under certain circumstances to have your Personal Data erased.
- Right to Restrict Processing. You have the right, under certain circumstances, to request the restriction of your Personal Data from further use, such as where the accuracy of the data is disputed, the Personal Data is no longer needed for the purposes of processing, and you request that the information not be used until its accuracy is confirmed.
- Right to Data Portability. You have the right, under certain circumstances, to request your Personal Data be provided to you and/or transferred to a third party you have chosen. To the extent it is technically feasible, we can provide your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided to us to use or where we used the information to perform a contract with you.
- Right to Object to Processing. You have the right, under certain circumstances, to object to the processing of your Personal Data, but only where we are relying on a legitimate interest (or those of a third party) and, based on your situation, you object to processing your Personal Data, as you feel it impacts your fundamental rights and freedoms.
- Right to Object to Direct Marketing. You have the right to object to the processing of your Personal Data for direct marketing at any time. We will provide specific information on how to opt out of our marketing initiatives such as by email. If you wish to modify your preferences in respect to updates or notifications, or the mailing lists to which you subscribe, you can modify your preferences using this link. All commercial and marketing communications (e.g., notification emails and newsletters) include instructions for opting out of those communications in the future.
- Right to Decline Automated Decision Making. While we don't rely solely on automation to make decisions about you, we may use profiling techniques like analyzing background checks to assist in tasks such as assessing client eligibility. This helps us ensure responsible service provision and protect both you and us.
- Right to Withdraw Consent. You have the right, under certain circumstances, such as where we rely on consent to process your Personal Data, to withdrawal your consent. However, this will not affect the lawfulness of any data processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to continue to provide certain products or services to you. We will advise you if this is the case when you withdraw your consent.
In certain cases, we may not be able to comply fully or at all with your request for legal reasons, and to the extent we are permitted to, we will notify you of the reasons for this. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. To the extent any of the above rights are applicable and you would like to exercise your rights as an EU/UK resident, please leverage our Data Subject Access Request Form, by email at privacy@citrincooperman.com, or by phone at (888) 450-2221.
Exercising Your Data Protection Rights
Only you, or someone you have legally authorized to act on your behalf, can make a verifiable consumer request related to your Personal Data. You can also make a verifiable consumer request on behalf of your minor child. If you are making a request on behalf of someone else, we may ask for additional information to protect their Personal Data, such as proof that you are authorized to make the request. We will only use personal data provided in a verifiable consumer request to verify the requestors’ identity or authority to make the request.
We cannot respond to your request or provide you with your Personal Data if we cannot verify your identity or authority to make the request, or if we cannot confirm that the Personal Data relates to you or your minor child. We may also be unable to comply with your request if we have a legal or regulatory obligation to keep your Personal Data, such as when the Personal Data is necessary to complete a transaction. Other reasons your request may be denied are if it jeopardizes the privacy of others or would be extremely impractical to honor.
Your request must:
- Provide enough information so that we can reasonably verify that you are the person whose Personal Data we collected or received from an authorized representative.
- Describe your request in enough detail so that we can understand, evaluate, and respond to it.
To the extent any of the above rights are applicable and you would like to exercise your rights as an EU/UK resident, please leverage our Data Subject Access Request Form, by email at privacy@citrincooperman.com, or by phone at (888) 450-2221. You are not required to pay any charge for exercising your rights.
Once you have submitted a request, we will respond to you within thirty (30) days. If, for some reason, you do not receive a response within thirty (30) days of your submitted request, please send an email to privacy@citrincooperman.com, as an error may have occurred. If we cannot verify your identity within the thirty-day (30) time period, we may deny the request. If necessary, we may take up to an additional sixty (60) calendar days to respond to a request, for a maximum total of ninety (90) calendar days from the date the request is received, provided that we contact you with an explanation of the reason why we will take more than thirty (30) days to respond to the request. If we are unable to assist you, we will notify you within thirty (30) days of the date you submitted the request and provide you with notice and an explanation of the reason we are not able to fulfill your request.
How to Complain
If you have any concerns about our use of your Personal Data, you can make a complaint to us by email at privacy@citrincooperman.com, or by phone at (888) 450-2221. You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Changes to This Statement
We may update this Statement occasionally. When we do, we will post the current version on this site, and we will revise the version date located at the top of this page. We encourage you to periodically review this Statement so that you will be aware of our privacy practices.
get in touch
Our Contact Details
If you have any questions about our privacy practices, how we use your Personal Data, your choices, and rights, or would like to exercise your rights, please contact us.
citrin cooperman
Attn: Privacy Office
50 Rockefeller Plaza
New York, New York 10020, USA
Toll free telephone:
888-450-2221
Email:
privacy@citrincooperman.com