Privacy Shield

Last Revised: 01/31/2022

SC&H Group, Inc. (“SC&H”) complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  SC&H has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

The additional entities covered under SC&H’s Privacy Shield Policy include:

  • Stout, Causey Consulting, Chartered
  • SC&H Capital Corporation
  • SC&H Financial Advisors, Inc.
  • SC&H Attest Services, P.C.
  • SC&H Tax and Advisory Services, LLC

SC&H is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

This Privacy Shield Policy applies to personal information within the scope of SC&H’s Privacy Shield certification, which covers the following:

  • Personal information regarding current, former and prospective clients and their personnel or others for the purposes of rendering SC&H’s services, managing the overall relationship, and business development activities.
  • SC&H may also collect personal information in order to address inquiries and / or provide information, as requested.

For the purposes of this Privacy Shield Policy, “personal information” means information that pertains to a specific individual and can be directly or indirectly linked to that individual.

SC&H may disclose personal information to third party service providers in connection with the operations of our business, including delivering services to our clients and managing the client relationship. Any onward transfer of personal information is done so after SC&H ascertains that the third party provides at least the same level of protection required by the Privacy Shield. SC&H remains responsible for the information that has been transferred to the third party service provider and may be liable if the third party fails to meet the obligations set forth in the Principles, unless SC&H proves that it was not responsible for the event giving rise to the damage.

You have the right to choose (opt out) whether your personal data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by you. If you wish to opt out, please contact SC&H at usprivacyshield@schgroup.com. Applicable law allows certain exceptions to your ability to opt out, such as where we are parties to a contract that is still being performed. Where applicable law permits SC&H to retain and continue to use such information and we do so, SC&H will do so only to the extent permitted or required by law. If you contact SC&H to opt out, we will explain the options available and comply with your request as required by the Privacy Shield Principles and applicable law.

SC&H may also be required to disclose personal information to law enforcement, regulatory or government agencies, or to other third parties in order to comply with legal, regulatory, or national security obligations or requests.

Privacy Shield Dispute Resolution

In compliance with the Privacy Shield Principles, SC&H commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries, complaints regarding our Privacy Shield policy or requests to access, correct, amend, delete or restrict the usage of personal information should first contact SC&H at:  usprivacyshield@schgroup.com

SC&H will respond to inquiries and complaints within forty-five (45) days from the date of the inquiry or complaint. SC&H has further committed to cooperate with the panel established by the EU data protection authorities (“DPAs”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. If we are unable to satisfactorily resolve the matter you raise and it pertains to personal information covered by this Privacy Shield Policy, the issue may be raised to the EU DPAs by obtaining their contact information here or the Swiss FDPIC by obtaining their contact information here.

In certain situations, you may have the possibility to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. Please refer to Annex I of the Privacy Shield by clicking here for additional information on the conditions required to invoke binding arbitration after other Privacy Shield dispute resolution mechanisms are exhausted.