Products Solutions Data Centers
Close Menu
Home Products Solutions Data Centers Company Customer Resources Contact
Get in touch
Company Customer Resources Contact
Menu
Privacy

Effective: June 4, 2024

I. Scope & Application

The purpose of this EU-US and Swiss-US Data Privacy Framework Policy (“DPF Policy” or the “Policy”) is to ensure and document the compliance of Phoenix Infrastructure LLC (also known as “Centersquare”) and its affiliates (collectively “Centersquare,” “we,” “our,“ or “us”) with the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF (the “UK Extension”), and the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF”) (collectively the “DPF” or the “DPF Principles”) set forth by the United States Department of Commerce with respect to the collection, use and retention of Personal Data transferred from the European Union, United Kingdom, and Switzerland to the United States as further described herein.

This Policy outlines Centersquare’s commitment and compliance with, the DPF Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU, the UK, and Switzerland to the United States.  Although Centersquare no longer relies on the DPF as a lawful transfer mechanism, but instead relies on Standard Contractual Clauses, Group Affiliates in the United States continue to apply the DPF to the data previously transferred to them pursuant to the DPF.

This Policy can be found at centersquaredc.com/data-privacy-framework-principles.

II. Definitions

Please see the definitions as presented in the General Privacy Policy found here.

III. Compliance with Data Privacy Framework

Centersquare complies with the DPF Principles as set forth by the U.S. Department of Commerce.  Centersquare has certified to the U.S. Department of Commerce that it adheres to the Swiss‑U.S. DPF regarding the processing of Personal Data received from Switzerland in reliance on the” Swiss‑U.S. DPF. If there is any conflict between the terms in this Policy and the EU‑U.S. DPF, the UK Extension, and/or the Swiss‑U.S. DPF, the DPF Principles shall govern.  If this Policy is inconsistent with the company’s General Privacy Policy, where applicable, and/or the company’s GDPR Privacy Policy regarding the Processing of EU/UK or Swiss Personal Data, this Policy shall prevail.

To learn more about the Data Privacy Framework program, and to view our certification, please visit https:// www.dataprivacyframework.gov.

  1. Further detail below regarding compliance with DPF:
    • Notice

      Centersquare adheres to the Notice Principle. Centersquare has certified its adherence to the DPF Principles insofar as they apply to Centersquare in its role as Controller or Processor, in the given context, in regard to Personal Data that is covered by this Policy.

    • Centersquare’s Collection, Use, and Disclosure of EU/UK and Swiss Personal Data

      Centersquare collects, uses, and discloses Personal Data[1] relating to Website Visitors, Representatives, and other individuals with whom it interacts when performing, advertising, and demonstrating its Services or in connection with other interactions. Centersquare may also Process EU/UK/Swiss Personal Data of applicants to work at Centersquare. Centersquare also may Process EU/UK/Swiss Personal Data as a Processor pursuant to the Customer’s or other person’s or entity’s instruction.

    • Means for Individuals to Limit Use and Disclosure of EU/UK and Swiss Personal Data

      In our role as Controllers, we adhere to the Choice Principle and the Sensitive Data and Choice – Timing of Opt Out Supplemental Principles.  We offer individuals whose Personal Data is subject to this Policy choice regarding the processing of their EU/UK/Swiss Personal Data, including where relevant Sensitive Data, as described in Section III.B of this Policy.

    • Inquiries and Complaints, and Right of Recourse

      Individuals whose Personal Data is covered by this Policy may contact us to submit inquiries or complaints regarding their adherence to the Principles and to request access to their EU/UK/Swiss Personal Data by contacting us via email at privacy@centersquaredc.com, or writing to us at Centersquare, 3100 Olympus Blvd, Suite 510, Coppell, TX 75019, Attention: Centersquare Legal Department. Please see Section III.F of this Policy for more information regarding the right to request access to EU/UK/Swiss Personal Data. For information about how to pursue unresolved complaints relating to this Policy, please see Section III.G below.

    • Centersquare Is Subject to the Investigatory and Enforcement Powers of the Federal Trade Commission and Complies with Lawful Data Requests

      Centersquare is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) regarding Personal Data received and processed pursuant to the DPF Principles. Centersquare may be required to disclose EU/UK/Swiss Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

    • Liability in the Case of Onward Transfers

      In the context of an onward transfer, we are responsible for the Processing of EU, UK and Swiss Personal Data received pursuant to the DPF Principles and subsequently transferred to a Service Provider acting on our behalf. We remain liable under the Principles if our Service Provider Processes such EU/UK/Swiss Personal Data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

  2. Choice

    We may obtain consent directly from individuals to Process their EU/UK/Swiss Personal Data in connection with the use of our Website or through other interactions between Centersquare and Representatives associated with Customers or other persons or entities and applicants for employment.

    We offer individuals who are covered by this Policy the opportunity to choose whether their EU/UK/Swiss Personal Data is to be disclosed to a third party (“opt out”) other than Service Providers acting on our behalf, which are contractually obligated to adhere to the onward transfer provisions (see Section III.C below).

    When acting as a Controller, we also offer individuals who are covered by this Policy the opportunity to opt out if we provide notice that we intend to use their EU/UK/Swiss Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or authorized by the individual in question. Individuals may opt out by sending an email to: unsubscribe@centersquaredc.com. If opting out, please provide, at a minimum, your name and identify your employer to assist us in verifying your identity, and please identify the uses or disclosures of EU/UK/Swiss Personal Data for which you are choosing to opt out. Note that opting out may affect our ability to provide our Services and impact our interactions with individuals.

    With regard to Sensitive Data, when we act as a Controller, we will obtain affirmative express consent (opt-in) if Sensitive Data is to be disclosed to a third party or is to be used for a purpose other than that for which it was originally collected or subsequently authorized by the individuals through the exercise of opt in choice, unless the EU/UK/Swiss Personal Data in question is subject to an exception contained in the Sensitive Data Supplemental Principle.

    In cases where we are acting as a Processor, we will assist the other party in complying with the Choice Principle.

    Please see Section III.A.2 of this Policy for more information regarding our adherence to the Choice Principle and the Sensitive Data and Choice – Timing of Opt Out Supplemental Principles

  3. Accountability for Onward Transfer

    For Personal Data covered by the Policy, we adhere to the Accountability for Onward Transfer Principle and the Obligatory Contracts for Onward Transfer Supplemental Principle.

  4. Security

    For Personal Data covered by this Policy, we adhere to the Security Principle. We take reasonable and appropriate measures to protect EU/UK/Swiss Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, considering the risks involved in the Processing and the nature of the EU/UK/Swiss Personal Data. In cases where we are acting as a Processor, we secure EU/UK/Swiss Personal Data in accordance with our contractual obligations to the other party.

  5. Data Integrity and Purpose Limitation

    In our role as Controllers, Centersquare adheres to the Data Integrity and Purpose Limitation Principle for Personal Data covered by this Policy. Our collection and use of EU/UK/Swiss Personal Data is limited to the EU, UK and Swiss Personal Data that is relevant for the purposes of Processing, including, for example, those that, depending on the circumstances, reasonably serve Customer relations, the application process, compliance and legal considerations, auditing and due diligence, security and fraud prevention, preserving or defending Centersquare’s legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection. This may include Processing in the manner described in the Performing Due Diligence and Conducting Audits Supplemental Principle.

    We will keep the EU/UK/Swiss Personal Data covered by this Policy in accordance with the terms and conditions of the relevant agreement in cases where Centersquare is acting as a Processor or agent. In cases where we are acting as a Controller, we may retain the EU/UK/Swiss Personal Data for the longer of any of the following: (i) the period during which an individual is actively using the Website, serving as a Customer Representative, acting as a Representative of a Service Provider of Centersquare or otherwise interacting with Centersquare; (ii) the period specified in the unambiguous consent to the Processing of its data by us for specified purposes; or (iii) as long as necessary for us to meet any applicable legal requirements or to protect our legitimate interests, including with respect to actual or potential legal claims.

  6. Access

    In our role as a Controller, we adhere to the Access Principle and Access Supplemental Principle for covered Personal Data. Individuals may obtain access to EU, UK and Swiss Personal Data about them that we hold. For this purpose, “access” means that individuals have the right to:

    • obtain from Centersquare confirmation of whether or not we are Processing EU, UK and/or Swiss Personal Data relating to them;
    • have communicated to them EU, UK and/or Swiss Personal Data relating to them so that they can verify its accuracy and the lawfulness of the Processing; and
    • have the EU, UK and/or Swiss Personal Data corrected, amended, or deleted where it is inaccurate or Processed in violation of the DPF Principles. Individuals may request to access their EU, UK and Swiss Personal Data using the contact information listed in Section III.A.3 above.

    We may limit or deny access as provided in the Principles, including where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. If we determine that access should be restricted in any instance, we will provide, as appropriate, to the individual requesting access an explanation of why Centersquare has made a determination to restrict access and a contact point for any further inquiries. We are not required to provide access unless it is supplied with sufficient information to allow us to confirm the identity of the person making the request. We will respond to all access requests within a reasonable time period, in a reasonable manner, and in a form that is readily intelligible to the individual.  

    In cases where Centersquare is acting as a Processor, we will assist the other party in meeting its obligation to provide access, or we will obtain authorization from the other party prior to providing access or refer the requesting individual to the appropriate contact at the other party.  We may charge a fee for providing access where necessary or appropriate.

    Please see Section III.A.3 of this Policy for more information regarding our adherence to the Access Principle and Access Supplemental Principle.

  7. Recourse, Enforcement, and Liability

    For Personal Data covered by this Policy, Centersquare adheres to the Recourse, Enforcement, and Liability Principle and the Verification and Dispute Resolution and Enforcement Supplemental Principles. We have established in-house procedures for receiving and addressing complaints. Individuals may contact us to submit inquiries or complaints regarding our adherence to the Principles using the contact information listed in Section III.A.3 above. We will respond to individuals within 45 days of receiving a complaint.  

    In compliance with the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF, Centersquare commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the EU-U.S. DPF, the UK Extension, and the Swiss-U.S. DPF to International Centre for Dispute Resolution (“ICDR”), an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of International Centre for Dispute Resolution (“ICDR”) are provided at no cost to you.

    Please see Section III.A.3 of this Policy for more information regarding our adherence to the Recourse, Enforcement, and Liability Principle and the Verification and Dispute Resolution and Enforcement Supplemental Principles.

  8. Adherence to the Principles

    Where applicable, Centersquare adheres to, or its data practices with respect to EU, UK and Swiss Personal Data received pursuant to this Policy are consistent with, the DPF Principles, including those not specifically listed above, such as the Supplemental Principles of: Self-Certification; Public Record and Publicly Available Information; and Access Requests by Public Authorities.

1. Please refer to the definition section of Centersquare’s General Privacy Policy for the meaning of capitalized terms that are not defined in this Policy.