1. Introduction
CSIA LLC, operating as CSIA Enterprise (“CSIA,” “we,” “us,” or “our”), is committed to protecting the privacy and security of personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our customer service business processing outsourcing services, visit our website, or interact with us in any capacity.
As a business processing outsourcing firm providing customer service solutions, we process significant amounts of personal data on behalf of our clients. This policy applies to our operations as both a data controller (for our own business purposes) and as a data processor (when handling client customer data).
2. Scope and Application
This Privacy Policy applies to:
- Personal information collected through our website and digital platforms
- Information collected during the provision of our BPO services
- Data processed on behalf of our clients
- Information collected from employees, contractors, and business partners
- Data collected through customer service interactions, including phone calls, emails, chat services, and social media
3. Information We Collect
3.1 Information Collected as Data Controller
When operating our own business, we may collect:
Personal Identification Information
- Name, email address, phone number, and mailing address
- Job title, company name, and business contact information
- Government-issued identification numbers (for compliance purposes)
- Payment and billing information
Technical Information
- IP address, browser type, and device information
- Operating system and technical specifications
- Cookies and tracking technologies data
- Website usage data and analytics
- Login credentials and authentication data
Communication Data
- Correspondence with our sales, support, or management teams
- Survey responses and feedback
- Marketing preferences and communication history
- Meeting notes and call recordings (with consent)
3.2 Information Processed as Data Processor
When providing BPO services to our clients, we may process:
- End customer personal information (names, contact details, account information)
- Customer service interaction records (call recordings, chat transcripts, email correspondence)
- Transaction and order information
- Technical support and troubleshooting data
- Customer preferences and complaint records
- Any other information our clients authorize us to process on their behalf
Important Note: When we process data on behalf of our clients, we act as a data processor. Our clients remain the data controllers responsible for the lawful collection and use of their customers’ data. Please refer to our client’s privacy policy for information about how your data is handled when you interact with their services.
4. How We Collect Information
We collect information through various methods:
4.1 Direct Collection
- Forms submitted on our website or through email
- Account registration and profile creation
- Direct communications (phone, email, chat, in-person meetings)
- Contract negotiations and service agreements
- Customer service interactions when providing BPO services
4.2 Automated Collection
- Cookies and similar tracking technologies
- Server logs and analytics tools
- Call recording systems and quality monitoring software
- CRM and ticketing systems
- Security and surveillance systems
4.3 Third-Party Sources
- Our clients (when they engage us for BPO services)
- Business partners and service providers
- Publicly available sources and business directories
- Background check providers (for employment purposes)
5. How We Use Information
5.1 Use as Data Controller
We use information collected in our capacity as data controller for:
Service Delivery and Operations
- Providing and managing our BPO services
- Processing transactions and maintaining accounts
- Communicating about services, updates, and changes
- Responding to inquiries and providing support
- Managing contracts and business relationships
Business Improvement
- Analyzing service performance and quality
- Conducting research and developing new services
- Training and quality assurance purposes
- Internal reporting and business analytics
Legal and Compliance
- Complying with legal obligations and regulations
- Enforcing our terms and conditions
- Protecting our rights, property, and safety
- Preventing fraud and security threats
- Responding to legal requests and court orders
Marketing and Communications
- Sending promotional materials and newsletters (with consent)
- Conducting market research and surveys
- Personalizing marketing communications
- Managing marketing campaigns and events
5.2 Use as Data Processor
When processing data on behalf of clients, we use information strictly in accordance with:
- Client instructions and contractual agreements
- Applicable data processing agreements (DPAs)
- The specific purposes authorized by our clients
- Applicable privacy laws and regulations
6. Legal Basis for Processing
We process personal information based on the following legal grounds:
| Legal Basis |
Description |
| Consent |
You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications, call recordings) |
| Contract Performance |
Processing is necessary to fulfill our contractual obligations to you or to take steps at your request prior to entering into a contract |
| Legal Obligation |
Processing is necessary to comply with legal or regulatory requirements |
| Legitimate Interests |
Processing is necessary for our legitimate business interests or those of a third party, unless overridden by your fundamental rights and freedoms |
| Vital Interests |
Processing is necessary to protect someone’s life or physical safety |
7. Information Sharing and Disclosure
We may share personal information with the following categories of recipients:
7.1 Service Providers and Subprocessors
- Cloud hosting and infrastructure providers
- CRM and customer service software providers
- Payment processors and financial institutions
- IT support and cybersecurity services
- Quality assurance and training service providers
- Analytics and business intelligence platforms
7.2 Business Partners
- Our clients (when providing BPO services)
- Strategic partners and affiliates
- Auditors and professional advisors
7.3 Legal and Regulatory Authorities
- Law enforcement agencies
- Regulatory bodies and government authorities
- Courts and legal counsel
- Tax authorities
7.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, personal information may be transferred as part of the business transaction. We will provide notice and ensure continued protection of your information.
7.5 With Your Consent
We may share information with other parties when you provide explicit consent or direct us to do so.
Data Protection: All third parties we share data with are required to maintain appropriate security measures and use the information only for the purposes specified in our agreements.
8. International Data Transfers
As a business processing outsourcing firm, we may transfer personal information to countries outside of your jurisdiction, including to and from the United States. When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses for transfers to countries without adequate data protection laws
- Adequacy Decisions: We rely on adequacy decisions issued by relevant data protection authorities
- Data Processing Agreements: We establish robust DPAs with all international service providers
- Security Measures: We implement technical and organizational measures to protect data during international transfers
- Client Authorization: We obtain client approval before transferring their customers’ data internationally
For BPO operations, we maintain data centers and processing facilities in secure jurisdictions and comply with all applicable cross-border data transfer regulations including GDPR, CCPA, and other regional privacy laws.
9. Data Security
We implement comprehensive security measures to protect personal information:
9.1 Technical Security Measures
- Encryption of data in transit and at rest using industry-standard protocols
- Multi-factor authentication and strong password policies
- Regular security assessments and penetration testing
- Intrusion detection and prevention systems
- Secure backup and disaster recovery procedures
- Network segmentation and firewall protection
- Endpoint protection and antivirus software
9.2 Organizational Security Measures
- Access controls based on role and need-to-know principles
- Comprehensive employee training on data protection
- Confidentiality agreements with all staff and contractors
- Security incident response procedures
- Regular security audits and compliance reviews
- Physical security measures for facilities and equipment
- Vendor management and third-party risk assessment
9.3 Call Center Specific Security
- Secure recording and storage of customer interactions
- Screen masking and data redaction for sensitive information
- Quality monitoring with privacy protection
- Secure workstation configurations
- Clean desk policies and physical access controls
Data Breach Notification: In the event of a data breach that affects your personal information, we will notify you and relevant authorities in accordance with applicable laws, typically within 72 hours of discovery.
10. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
10.1 Retention Periods
| Data Category |
Retention Period |
| Client contract information |
Duration of contract + 7 years |
| Customer service records |
As specified in client agreements (typically 1-7 years) |
| Call recordings |
90 days to 2 years (based on purpose and legal requirements) |
| Financial records |
7 years |
| Marketing data |
Until consent withdrawn or 3 years of inactivity |
| Website analytics |
26 months |
| Employee records |
Duration of employment + 7 years |
10.2 Secure Disposal
When personal information is no longer needed, we securely delete or anonymize it using industry-standard methods including:
- Secure data wiping and destruction protocols
- Physical destruction of hardware containing sensitive data
- Anonymization and pseudonymization techniques
- Documented deletion procedures and certificates of destruction
11. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
11.1 General Rights
- Right to Access: Request copies of your personal information
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal information (subject to legal requirements)
- Right to Restrict Processing: Request limitation on how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with supervisory authorities
11.2 California Privacy Rights (CCPA/CPRA)
California residents have additional rights:
- Right to know what personal information is collected, used, shared, or sold
- Right to delete personal information (subject to exceptions)
- Right to opt-out of the sale or sharing of personal information
- Right to correct inaccurate personal information
- Right to limit use and disclosure of sensitive personal information
- Right to non-discrimination for exercising privacy rights
Note: CSIA Enterprise does not sell personal information to third parties.
11.3 European Privacy Rights (GDPR)
For individuals in the European Economic Area, United Kingdom, and Switzerland:
- All rights listed in section 11.1 apply
- Right to object to automated decision-making and profiling
- Right to lodge complaints with your local data protection authority
11.4 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
- Email: contact@csiae.com
- Subject line: “Privacy Rights Request”
- Include: Your full name, contact information, and specific request
We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.
Client Customer Data: If you are a customer of one of our clients and your data was processed as part of our BPO services, please contact the client directly to exercise your rights, as they are the data controller.
12. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website and improve our services.
12.1 Types of Cookies We Use
| Cookie Type |
Purpose |
Duration |
| Essential Cookies |
Required for website functionality, security, and navigation |
Session or up to 1 year |
| Performance Cookies |
Collect information about how you use our website to improve performance |
Up to 2 years |
| Functional Cookies |
Remember your preferences and personalize your experience |
Up to 1 year |
| Marketing Cookies |
Track your activity for targeted advertising (with consent) |
Up to 13 months |
12.2 Managing Cookies
You can control cookies through:
- Your browser settings (most browsers allow you to refuse cookies)
- Our cookie consent banner on first visit
- Third-party opt-out tools (e.g., Google Analytics opt-out)
Note that disabling certain cookies may limit website functionality.
12.3 Do Not Track Signals
Our website does not currently respond to “Do Not Track” signals from browsers. However, you can manage tracking through cookie settings and opt-out mechanisms.
13. Children’s Privacy
Our services are not directed to children under the age of 18, and we do not knowingly collect personal information from children. If we discover that we have inadvertently collected information from a child under 18, we will promptly delete such information.
In our role as a BPO service provider, if we process data that includes information about minors on behalf of our clients, we do so only under the client’s instruction and in compliance with applicable child privacy laws, including COPPA (Children’s Online Privacy Protection Act).
If you believe we have collected information from a child, please contact us immediately at contact@csiae.com.
14. Third-Party Links and Services
Our website and services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to third-party sites or services.
We are not responsible for the privacy practices of third parties. We encourage you to review the privacy policies of any third-party sites or services before providing them with personal information.
When we integrate third-party tools into our BPO services (such as CRM systems, analytics platforms, or communication tools), we ensure these providers maintain appropriate data protection standards through contractual agreements.
15. Call Recording and Quality Monitoring
As part of our customer service BPO operations, we may record telephone calls, video conferences, and monitor other customer interactions for the following purposes:
- Quality assurance and training
- Compliance monitoring and dispute resolution
- Service improvement and performance evaluation
- Legal protection and evidence preservation
- Fraud prevention and security
Recording Practices
- We provide clear notification at the beginning of recorded calls
- Recordings are stored securely with access limited to authorized personnel
- Recordings are retained according to client requirements and legal obligations
- You may request to opt-out of recording (where legally permissible)
- Recordings may be used for training purposes with personal identifiers removed
16. Employee and Contractor Privacy
For individuals employed by or contracting with CSIA Enterprise, we collect and process:
- Contact and identification information
- Employment history and qualifications
- Performance and productivity data
- Compensation and benefits information
- Background check results (where legally permissible)
- Time and attendance records
- Training and development records
- System access logs and monitoring data
Employee data is used for:
- Employment administration and payroll
- Performance management and career development
- Health and safety compliance
- Legal compliance and record-keeping
- Security and access control
Separate employee privacy notices may be provided containing additional details.
17. Data Processing Agreements
When we provide BPO services as a data processor, we enter into Data Processing Agreements (DPAs) with our clients that:
- Define the scope, nature, and purpose of data processing
- Establish security requirements and obligations
- Specify data retention and deletion procedures
- Address subprocessor usage and approval
- Include audit rights and compliance verification
- Detail breach notification procedures
- Address cross-border data transfer mechanisms
- Comply with GDPR, CCPA, and other applicable regulations
Our clients remain responsible for the lawfulness of data collection and for providing appropriate privacy notices to their customers.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or for other operational reasons.
When we make material changes:
- We will update the “Last Updated” date at the top of this policy
- We will notify you via email or prominent notice on our website
- For significant changes affecting your rights, we may seek renewed consent
- We will provide at least 30 days’ notice before implementing material changes
We encourage you to review this Privacy Policy periodically to stay informed about
