Data Privacy

Last Revised: February 2, 2024

SC&H Group, Inc. (“SC&H”) complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce (collectively “DPF”). SC&H has certified to the U.S. Department of Commerce that it adheres to the DPF Principles with regard to the processing of personal data received that is transferred from the European Union and its Member States, the European Economic Area, the United Kingdom (and Gibraltar), and/or Switzerland to the United States. If there is any conflict between the terms in this privacy policy and the DPF Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The additional entities covered under SC&H’s DPF Policy include:

  • Stout, Causey Consulting, Chartered
  • SC&H Capital Corporation
  • SC&H Financial Advisors, Inc.
  • SC&H Attest Services, P.C.

SC&H is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

This DPF Policy applies to personal information within the scope of SC&H’s DPF certification, which covers the following:

  • Personal information regarding current, former and prospective clients and their personnel or others for the purposes of rendering SC&H’s services, managing the overall relationship, and business development activities.
  • SC&H may also collect personal information in order to address inquiries and / or provide information, as requested.

For the purposes of this DPF Policy, “personal information” means information that pertains to a specific individual and can be directly or indirectly linked to that individual.

SC&H may disclose personal information to third party service providers in connection with the operations of our business, including delivering services to our clients and managing the client relationship. Any onward transfer of personal information is done so after SC&H ascertains that the third party provides at least the same level of protection required by the DPF. SC&H remains responsible for the information that has been transferred to the third-party service provider and may be liable if the third party fails to meet the obligations set forth in the Principles, unless SC&H proves that it was not responsible for the event giving rise to the damage.

You have the right to choose (opt out) whether your personal data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. If you wish to opt out, please contact SC&H at dataprivacy@schgroup.com. Applicable law allows certain exceptions to your ability to opt out, such as where we are parties to a contract that is still being performed. Where applicable law permits SC&H to retain and continue to use such information and we do so, SC&H will do so only to the extent permitted or required by law. If you contact SC&H to opt out, we will explain the options available and comply with your request as required by the DPF Principles and applicable law.

SC&H may also be required to disclose personal information to law enforcement, regulatory or government agencies, or to other third parties in order to comply with legal, regulatory, or national security obligations or requests.

DPF Dispute Resolution

In compliance with the DPF Principles, SC&H commits to resolve complaints about our collection or use of your personal information. EU, UK and Swiss individuals with inquiries, complaints regarding our DPF policy or requests to access, correct, amend, delete or restrict the usage of personal information should first contact SC&H at: dataprivacy@schgroup.com.

SC&H will respond to inquiries and complaints within forty-five (45) days from the date of the inquiry or complaint. SC&H has further committed to cooperate with the panel established by the EU data protection authorities (“DPAs”), the UK’s Information Commissioner’s Office (“ICO”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved DPF complaints concerning data transferred from the EU, UK and Switzerland. If we are unable to satisfactorily resolve the matter you raise and it pertains to personal information covered by this DPF Policy, the issue may be raised to the EU DPAs by obtaining their contact information here, the UK ICO by obtaining their contact information here, or the Swiss FDPIC by obtaining their contact information here.

In certain situations, you may have the possibility to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms. Please refer to Annex I of the DPF by clicking here for additional information on the conditions required to invoke binding arbitration after other DPF dispute resolution mechanisms are exhausted.