PRIVACY

PRIVACY POLICY / TERMS & CONDITIONS

Terms Of Use


  1. Cathedral Corporation respects the privacy of our users. Please take a few minutes to review our Privacy Policy Statement.
  2. This web site may contain copyright and proprietary information notices; please take note of these notices and comply with them.
  3. The material that appears on this web site is for informational purposes only. Despite our efforts to provide useful and accurate information, errors may appear from time to time. We advise that you verify information in which you intend to place any sort of reliance before acting upon such information.
  4. The descriptions of products and services displayed on this web site, and the terms under which they are offered, may change at any time without notice.
  5. Cathedral Corporation cannot and does not warrant the accuracy, completeness, currentness, merchantability or fitness for a particular purpose of any product or service available through this web site, nor does it guarantee that the web site will be error-free, continuously available, or free of viruses or other harmful components.
  6. This web site may have links to "external" sites. These sites were not created by Cathedral Corporation and we are not responsible for their content, nor should the existence of a link imply any form of endorsement by us of the site, its content, or the party sponsoring it. The link is for the convenience of the visitors to our site only.


Privacy Policy Statement


This policy statement was created to demonstrate our commitment to privacy. It discloses our information gathering and dissemination practices. By using our web site, you consent to the collection and use of this information by Cathedral Corporation. We reserve the right to change our privacy policy as deemed appropriate, and we will update any changes on this page so that you are always aware of what information we collect and how we use such information.


Information Cathedral Corporation Collects


General. This site does not collect personal identifying information about individuals except when specifically and knowingly provided by such individuals. The site may collect personal identifying information in several ways including through e-newsletter lists, mailing lists, online request forms, contests, feedback forms, surveys, or personal interest forms. Cathedral Corporation does not sell this information to third parties. This site does not collect or store any personal information about children under the age of 13 in accordance with the Children's Online Privacy Protection Act.

Cookies. A cookie is a small data file that a web site transfers to a user's hard drive when a user visits the web site. The only personal information a cookie can contain is that which a user supplies. A cookie cannot read data off a hard disk or read cookie files created by other sites. We use cookies to calculate the number of people visiting our site (or a certain page of our site) to allow us to provide you better services in the future. The information we collect is used to improve the content of our web site, used to notify our customers about updates to our web site and used by us to contact customers and potential customers for marketing purposes.

Usage tracking. Cathedral Corporation tracks usage patterns on our sites and breaks down overall usage statistics according to a user's domain name, browser type, and MIME type by reading this information from the browser string (information contained in every user's browser). However, we do not match this information with users' personally identifiable information.


Other Sites Which May Be Linked to this Site


Cathedral Corporation may contain links to other Internet sites maintained by third parties for your convenience only. Please note that when you click on one of these links, you may enter another web site for which Cathedral Corporation has no responsibility. We encourage you to read the privacy statements of all such sites as their policies may be materially different from this privacy statement.


EU-U.S. DPF


This Privacy Policy ("Policy") describes how Cathedral Corporation, hereinafter “Cathedral”, collects, uses, processes and discloses certain personally identifiable information that we receive in the US from the European Union/European Economic Area and the United Kingdom/Gibraltar “UK” (hereinafter "EU/EEA/UK Personal Data" or “Personal Data”). This Policy applies to all of Cathedral’s business locations. This Policy supplements, and is to be incorporated in, our Website Privacy Policy located at http://www.cathedralcorporation.com, and unless specifically defined in this Policy, the terms in this Policy have the same meaning as the Website Privacy Policy.

 

Cathedral Corporation complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. Cathedral Corporation has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

 

Cathedral Corporation is subject to the authority of the Federal Trade Commission with respect to the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

 

Personal Data Collection and Use

 

Our Website Privacy Policy located at http://www.cathedralcorporation.com describes the categories of Personal Data that we may receive in the US as well as the purposes for which we use that Personal Data. Cathedral functions as a “Processor” of “Personal Data” received from “Controllers”. We may receive the following categories of Personal Data in the US from businesses you have an established relationship with (such as, your employer, financial institutions, insurance companies, service and health providers) including: your name, identification or account number, Tax identification numbers, non-us tax identification numbers, social insurance numbers, contact data, address, email address, employer name, business name, health provider name, insurer names, lending institution names, as well as physical, physiological, mental, economic, insurance, financial, and other personal data information about you received from such businesses. We process Personal Data for the following purposes: to provide print and mail services, and/or electronic presentment services to you as a member, employee, customer or service recipient of our business customers for the purposes it was provided. Cathedral will only process and collect Personal Data in ways that are compatible with the original purposes the individual has authorized, or for purposes the individual later authorizes. Before we use your Personal Data for a purpose that is materially different than the purpose authorized, we will provide you with the opportunity to opt out. Cathedral maintains reasonable procedures to help ensure that Personal Data is reliable for its intended use, accurate, complete, and current.

 

We may receive the following categories of Sensitive Personal Data from Data Controllers: Health. We process sensitive Personal Data for the following purposes: to provide print and mail services, and/or electronic presentment services to you as a member, employee, customer or service recipient of our business customers, including but not limited to statements, invoices, remittance advice, and other health service related documents. If we change this policy in the future, we will provide individuals with an opt-out before we use it for a purpose other than which it was originally collected.

 

Data Transfers to Third Parties

 

Third-Party Agents or Service Providers.

Cathedral Corporation may transfer Personal Data to our third-party agents or service providers, previously disclosed to and authorized by your data collector, who perform functions on our behalf including: (1) managed hosted services, (2) occasional processing by service providers with capabilities identical or similar to Cathedral’s for purposes previously authorized. Where required by the DPF, Cathedral Corporation enters into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the DPF requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process Personal Data in accordance with DPF obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of Personal Data that we transfer to them. Cathedral will not otherwise transfer Personal Data to third parties except as permitted or required in this policy. If we change this policy in the future, we will provide individuals with an opt-out before we use it for a purpose other than which it was originally collected.

 

Disclosures for National Security or Law Enforcement.

 

Under certain circumstances, we may be required to disclose your Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

 

Security

 

Cathedral maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the DPF.

 

Access Rights

 

You may have the right to access the Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the DPF. Typically, we do not hold or retain your Personal Data unless required by Statute, Regulation, Directive or Contract. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, the data subject should contact the Cathedral Customer that collected their Personal Data. Cathedral will cooperate with Customers’ reasonable requests to assist Data Subjects with respect to their rights under the DPF. In compliance with the DPF principles, European Union and United Kingdom individuals may submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information.

 

Questions or Complaints

 

In compliance with the EU-US Data Privacy Framework program’s Principles, Cathedral Corporation commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union and United Kingdom individuals with DPF inquiries or complaints should first contact: Cathedral Corporation, Attention: Compliance Officer, 632 Ellsworth Road, Rome, NY 13441 USA.

 

We will investigate and attempt to expeditiously resolve any complaints or disputes regarding the use or disclosure of your Personal Data upon receiving your complaint.

 

Cathedral Corporation has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit  https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

 

Arbitration

 

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

 

Contact Us

 

If you have any questions about this Policy or would like to request access to your Personal Data, please contact us as follows: Cathedral Corporation, Attention: Compliance Officer, 632 Ellsworth Road, Rome, NY 13441 USA

 

Definitions of terms under the EU General Data Protection Regulation applicable to certain work or services performed on behalf of European Citizens

 

Personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.


Sensitive Personal Data: specific to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data.

 

Processing: any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

Controller: the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws.

 

Processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

 

Consent: "The consent of the data subject" means any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed.

 

Changes To This Policy

 

We reserve the right to amend this Policy from time to time consistent with the DPF's requirements.


Effective Date: 09/12/2023

Last modified: 11/07/2023

Reviewed: 11/07/2023

Integrity, Commitment, and Service are our keys to success.

We are known for providing a personalized experience focused on superior customer service, tailored product and commitment to quality assurance. We continually excel at positioning our customers for solid growth.

Share by: