This web site may contain copyright and proprietary information notices; please take note of these notices and comply with them.
The material that appears on this web site is for informational purposes only. Despite our efforts to provide useful and accurate information, errors may appear from time to time. We advise that you verify information in which you intend to place any sort of reliance before acting upon such information.
The descriptions of products and services displayed on this web site, and the terms under which they are offered, may change at any time without notice.
Cathedral Corporation cannot and does not warrant the accuracy, completeness, currentness, merchantability or fitness for a particular purpose of any product or service available through this web site, nor does it guarantee that the web site will be error-free, continuously available, or free of viruses or other harmful components.
- This web site may have links to "external" sites. These sites were not created by Cathedral Corporation and we are not responsible for their content, nor should the existence of a link imply any form of endorsement by us of the site, its content, or the party sponsoring it. The link is for the convenience of the visitors to our site only.
Information Cathedral Corporation Collects
General. This site does not collect personal identifying information about individuals except when specifically and knowingly provided by such individuals. The site may collect personal identifying information in several ways including through e-newsletter lists, mailing lists, online request forms, contests, feedback forms, surveys, or personal interest forms. Cathedral Corporation does not sell this information to third parties. This site does not collect or store any personal information about children under the age of 13 in accordance with the Children's Online Privacy Protection Act.
Usage tracking. Cathedral Corporation tracks usage patterns on our sites and breaks down overall usage statistics according to a user's domain name, browser type, and MIME type by reading this information from the browser string (information contained in every user's browser). However, we do not match this information with users' personally identifiable information.
Other Sites Which May Be Linked to this Site
Cathedral Corporation may contain links to other Internet sites maintained by third parties for your convenience only. Please note that when you click on one of these links, you may enter another web site for which Cathedral Corporation has no responsibility. We encourage you to read the privacy statements of all such sites as their policies may be materially different from this privacy statement.
EU/EEA Privacy Shield Policy
. To review Cathedral's representation on the Privacy Shield list, see the US Department of Commerce's Privacy Shield self-certification list located at: www.privacyshield.gov/
Personal Data Collection and Use
Data Transfers to Third Parties
Third-Party Agents or Service Providers. We may transfer EU/EEA Personal Data to our third-party agents or service providers who perform functions on our behalf including: managed hosted services, outsourced production operations of folding, and/or finishing, and/or incidental contact by production equipment service technicians. Where required by the Privacy Shield, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process EU/EEA Personal Data in accordance with our Privacy Shield obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of EU/EEA Personal Data that we transfer to them.
Disclosures for National Security or Law Enforcement.
Under certain circumstances, we may be required to disclose your EU/EEA Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.
Cathedral maintains reasonable and appropriate security measures to protect EU/EEA Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.
You may have the right to access the EU/EEA Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. Typically, we do not hold or retain your Personal Data unless required by Statute, Regulation, Directive or Contract. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EU/EEA Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information.
Questions or Complaints
You can direct any questions or complaints about the use or disclosure of your EU/EEA Personal Data to us at: Cathedral Corporation, Attention: Compliance Officer, 632 Ellsworth Road, Rome, NY 13441 USA
We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Data within 45 days of receiving your complaint.
For any unresolved complaints, we have agreed to refer such matters to a non-profit dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment or satisfactory resolution of your claim you contact such dispute resolution provider at: www.bbb.org/EU-privacy-shield/for-eu-consumers
for further information and assistance.
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your compliant directly with Cathedral and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see US Department of Commerce's Privacy Shield Framework: Annex I (Binding Arbitration). - www.privacyshield.gov/article?id=ANNEX-I-introduction
Definitions of terms under the EU General Data Protection Regulation applicable to certain work or services performed on behalf of European Citizens
Privacy Shield Principles: the principles contained within the EU-US Privacy Shield
Personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. Rec.26; Art.4(1)
Sensitive Personal Data: specific to personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data. Rec.10, 34, 35, 51; Art.9(1)
Processing: any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Art.4(2)
Controller: the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws. Art.4(7)
Processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller. Art.4(8)
Consent: "The consent of the data subject" means any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed. Rec.32; Art.4(11)
Nonpublic Personal Information (NPI): The Gramm-Leach-Bliley Act seeks to protect consumer financial privacy. Its provisions limit when a "financial institution" may disclose a consumer's "nonpublic personal information" to nonaffiliated third parties. The law covers a broad range of financial institutions, including many companies not traditionally considered to be financial institutions because they engage in certain "financial activities." The Privacy Rule protects a consumer's "nonpublic personal information" (NPI). NPI is any "personally identifiable financial information" that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise "publicly available."
Protected Personal Information (PPI): Per U. S. 32 CFR § 701.101, Protected personal information (PPI) is any information or characteristics that may be used to distinguish or trace an individual's identity, such as their name, SSN, or biometric records.
Personally Identifiable Information (PII): NIST Special Publication 800-122 defines PII as "any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information."
Protected Health Information (PHI): The U.S. Department of Health and Human Services (“HHS”) issued the “Privacy Rule” to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)." “Individually identifiable health information” is information, including demographic data, that relates to:
the individual’s past, present or future physical or mental health or condition,
the provision of health care to the individual, or
the past, present, or future payment for the provision of health care to the individual,
and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number). The Privacy Rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20 U.S.C. §1232g.
Changes To This Policy
We reserve the right to amend this Policy from time to time consistent with the Privacy Shield's requirements.
Effective Date: 10/20/2017
Last modified: 10/20/2017
If you have any questions about this Policy or would like to request access to your EU/EEA Personal Data, please contact us as follows:
Attention: Compliance Officer
632 Ellsworth Road
Rome, NY 13441 USA