EU-US Data Privacy Framework

Cass EU-US Data Privacy Framework

Effective Date: October 10, 2023

Note: Our global data privacy policy can be found here.

Cass Information Systems, Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. Cass Information Systems, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework program Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The following Cass Information Systems, Inc. subsidiary participates in the EU-US Data Privacy Framework and adheres to the EU-U.S. DPF Principals:

Cass International, LLC
Cass Commercial Bank

Notice of Information We Collect, How We Use It and How You Control It

We collect personal and non-personal information via our various websites to provide you with additional content and reports on a continual basis or to provide you with a specific service through contractual agreements with your employer.

Cookies: When you use our site we may store cookies on your computer in order to facilitate and customize your use of our site. A cookie is a small data text file, which a website stores on your computer's hard drive (if your Web browser permits) that can later be retrieved to identify you to us. Our cookies may store information about you, your computer, or your preferences so that you may more easily use our site. The cookies make the site run more smoothly and help us to maintain a more secure site. You have the choice to opt out of this functionality and are always free to decline our cookies if your browser permits, but our site may not work as effectively.

Registration: In order to service our customers, portions of our site may require you to submit information that is typically business related, but may be personal in certain circumstances. We will use the information you provide in the ways you’d reasonably expect – for example, providing additional content/information delivery, stipend payment, delivery of a contracted service, or a payment to a service provider. You have a right to access this data and correct or remove it. The specific registration site or additional communication information provided to you will supply directions on how to correct or remove your data at your request. In all cases you can always contact the Privacy Officer for assistance using the information below.

Onward Transfer and Liability

Cass Information Systems, Inc. does not sell, trade, share or rent your personal information to unaffiliated third parties. Affiliated third parties may receive your data in fulfillment of our service. We maintain specific contract agreements with these companies to ensure that they use the data only for intended purposes and protect the data as we would. If this practice were to change, we would specifically provide you with the opportunity to choose to “opt in” or “opt out” of the sharing of your data.

We may be required to release personal information to third parties in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-US Data Privacy Framework, Cass Information Systems, Inc. is potentially liable.

Recourse and Enforcement

In compliance with the EU-US Data Privacy Principles, Cass Information Systems, Inc. commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union individuals with DPF inquiries or complaints should first contact Cass Information Systems, Inc. at: 

Cass Information Systems, Inc.
Attn: Privacy Policy
12444 Powerscourt Drive, Suite 550
St. Louis, Missouri 63131

Cass Information Systems, Inc. is subject to the investigative and enforcement authority of the United States Federal Trade Commission (FTC).

Cass Information Systems, Inc. has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers  for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2.