Additional EEA Privacy Disclosures
Last Updated/Reviewed: November 13, 2019
These Additional European Economic Area (EEA) Privacy Disclosures supplement the information contained in the CDW Privacy Notice . These Disclosures apply only to our processing of your personal data where you are based in the EEA or Switzerland. CDW Limited is the data controller responsible for the collection and use of such personal data. Unless otherwise expressly stated, terms in these Disclosures have the same meaning as defined in the Notice.
CDW participates in the EU-U.S. Privacy Shield. See the International Data Transfers section below for further details.
Learn More About EEA Privacy
Personal Data Disclosures
When we use the term “personal data” in these Disclosures, we mean any information relating to an identified or identifiable natural person.
We rely on the following legal grounds to process Personal Data about you, whether it is obtained from you or a third party:
Contact Information
Your name, email address, social media handle, mailing address, and telephone number.
- Create and administer your account with us.
- Process your order and credit requests.
- Deliver products and services you request.
- Send you transaction information, including confirmations, invoices, technical notices, product and services information, updates, security alerts, support and administrative messages, and information about your credit with us.
The processing is necessary for the performance of a contract with you and to take steps prior to entering into a contract with you.
- Communicate with you about and facilitate new contests, promotions and rewards, and upcoming events.
The processing is necessary for our legitimate interests, namely administering the promotion or contest, and for communicating with you effectively regarding the promotion or contest.
- Send you marketing communications, such as advertisements and news about products and services offered by us and our business partners.
- Coordinate with our business partners to allow them to participate in limited co-marketing opportunities.
We will only use your personal information in this way to the extent you have given us consent to do so.
Social Media Information
Such as your social media handle and other account information in accordance with your settings on the social media site.
- Provide you with an interactive social media experience that allows you to connect your social networking account with our online services.
We will only use your personal information in this way to the extent you have given us consent to do so.
Employment Information
Such as your job title, department, employer or business, and, if you perform work on our behalf, information obtained from your resume and your drug or background check (if any).
- Create and administer your account with us.
The processing is necessary for the performance of a contract with your employer (where you have placed orders on behalf of your employer) and to take steps prior to entering into a contract with your employer.
Account Information
Such as your account ID, customer ID, and username and password.
- Create and administer your account with us.
The processing is necessary for the performance of a contract with you and to take steps prior to entering into a contract with you.
Transaction Information
Such as your payment information, credit information, order details, and order/product preferences.
- Process your order and credit requests.
- Deliver products and services you requests.
The processing is necessary for the performance of a contract with you and to take steps prior to entering into a contract with you.
- Provide you with advertisements based on your interests, order history and interactions with us.
- Link or combine with other information we get from third parties.
The processing is necessary for our legitimate interests (namely, understanding market trends, customer needs and providing you with tailored advertisements).
- Facilitate the provision of software updates, product support, and other services related to our and our business partners' mobile applications and other products.
The processing is necessary for the performance of a contract with you and to take steps prior to entering into a contract with you.
Event Information
Such as your attendance at a CDW event.
- We use this information to provide you with information on relevant events and to facilitate your participation in those events.
The processing is necessary for our legitimate interests (namely, to promote and organise events).
Survey Information
Such as your responses to survey questions about your business and your satisfaction with CDW.
- Provide you with advertisements based on your interests, order history and interactions with us.
The processing is necessary for our legitimate interests (namely, understanding market trends, customer needs and providing you with tailored advertisements).
- Conduct research and surveys.
The processing is necessary for our legitimate interests (namely, to conduct research and surveys to measure our performance and improve our and our business partners' products, services and customer experience).
Contest Entry Information
Such as your statements and submissions for entry into a contest.
- Process and deliver contest entries and rewards.
The processing is necessary for our legitimate interests (namely, to facilitate contests).
Inquiry Information
Such as the content of your email, text, or chat with us and, where applicable, your voice from calls with us.
- Provide you with advertisements based on your interests, order history and interactions with us.
The processing is necessary for our legitimate interests (namely, understanding market trends, customer needs and providing you with tailored advertisements).
- Respond to your comments and questions and provide customer service.
The processing is necessary for our legitimate interests, namely communicating with users and responding to queries, complaints and concerns.
Log File Data
Including your IP address, device operating system, application software, browser type, peripheral devices, language, user log and clickstream data, access times, Active Directory information and the websites you visited before/after ours.
- We may use information about how you use and connect to our services online, and to present the services to you on your device.
The processing is necessary for our legitimate interests, namely to tailor the service to the user.
- We may use this information to determine products and services that may be of interest to you for marketing purposes.
The processing is necessary for our legitimate interests (namely, to provide you with tailored advertisements).
- We may use this information to monitor our online services and for other internal purposes.
The processing is necessary for our legitimate interests (namely, to improve our online services and business and internal purposes such as to detect and prevent fraud).
Cookies and Related Technology Data
Including your usage and activity on our online services, such as information relating to your orders, purchases and cart activity, using essential and non-essential cookies, web beacons and related data collection technologies.
For more information, including on how to control privacy settings and your ad choices, please read our Cookie Notice.
- We may use information to present the online services to you on your device.
The processing is necessary for our legitimate interests, namely to tailor the online services to the user.
- We may use this information to monitor our online Services and for other internal purposes.
The processing is necessary for our legitimate interests (namely, to improve our online Services and business and internal purposes such as to detect and prevent fraud).
Location Data
Including your general geographic location based on your IP address or more precise location when accessing the website through a mobile device.
- We may use this information to detect fraud or suspicious activity in relation to your account.
The processing is necessary for our legitimate interests, namely to protect our business and your account from fraud and other illegal activities.
- We may use this information to localise features of our online services.
The processing is necessary for our legitimate interest, namely localising features of the online Services and tailoring the online Services so that it is more relevant to our users.
You are not required to provide personal data to us, but we do rely on your personal data to provide certain of our services and products. For example, we need your personal data to facilitate and deliver an order that you request. If you choose not to provide us with your personal data, we may not be able to provide you with a service or product you request.
We retain personal data about you for as long as is necessary for the purposes set out in these Disclosures, unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights.
The criteria used to determine the period for which personal data about you will be retained varies depending on the legal basis under which we process the personal data:
Legitimate
Where we are processing personal data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
Consent
Where we are processing personal data based on your consent, we generally will retain the information for the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to have certain of your data erased (please see the Your Privacy Rights section below).
Legal Obligation
Where we are processing personal data based on a legal obligation, we generally will retain the information for the period of time necessary to fulfill the legal obligation.
Legal Claim
We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.
Contract
Where we are processing personal data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
International Data Transfers
We may transfer personal data about you among us and to our subsidiaries or affiliates, as well as to the categories of third parties identified in the Our Disclosure of Personal Information section of the Notice. Personal data may be transferred to, stored and processed in a country other than the one in which it was collected, including, but not limited to, the United States. The country to which personal data is transferred may not provide the same level of protection for personal data as the country from which it was transferred.
We may transfer personal data about you outside the EEA and Switzerland and when we do so, we rely on appropriate or suitable safeguards recognized under the GDPR including adequacy decisions, standard contractual clauses and the EU‑U.S. Privacy Shield.
We may transfer personal data about you to countries that the European Commission has deemed to adequately safeguard personal data.
The European Commission has adopted Standard Contractual Clauses, which provide safeguards for personal data transferred outside of the EEA. We may use these Standard Contractual Clauses when transferring personal data from a country in the EEA to a country outside the EEA that has not been deemed to adequately safeguard personal data. You can request a copy of our Standard Contractual Clauses by contacting us as set forth in the How to Contact Us section below.
The EU-U.S. Privacy Shield Framework (Privacy Shield) was designed by the U.S. Department of Commerce and the European Commission to ensure adequate protection for Personal Data transferred to a company certified under Privacy Shield. If we transfer any personal data about you from the EEA to a third party outside the EEA who is certified under Privacy Shield as set forth by the U.S. Department of Commerce, we may rely on such certification to ensure adequate protection for personal data so transferred.
In addition, CDW LLC, CDW Direct LLC, CDW Government LLC, CDW Logistics, Inc., and CDW Technologies LLC are certified under Privacy Shield, and as part of this commitment, protects personal data received about customers in accordance with Privacy Shield Principles. These CDW entities remain responsible for onward transfers of personal data to third parties, unless we prove we are not responsible for the event giving rise to the damage. These CDW entities may also be required to disclose personal data in response to lawful requests by public authorities, including in order to satisfy national security or law enforcement requirements.
These CDW entities commit to resolve complaints about our collection or use of personal data, and are subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to Privacy Shield. If you have questions or complaints regarding our Privacy Shield certification, you should first contact us at personaldatainquiry@cdwemail.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. In addition, under certain conditions, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
To learn more about Privacy Shield and review our self-certification, please visit the Privacy Shield List here.
Access
The right to access and obtain a copy of personal data about you, as well as information relating to its processing.
Rectification
The right to correct or update any personal data about you that is inaccurate or incomplete.
Restriction of Processing
The right to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
Erasure
The right to request the deletion or erasure of personal data about you without undue delay if the continued processing of that personal information is not justified.
Portability
The right to obtain a copy of personal data about you in an easily accessible format and the right to transmit that personal data to another controller.
Objection
You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
Please note that if the exercise of these rights limits our ability to process personal data, we may not be able to provide our products or services to you, or otherwise engage with you going forward.
Where we rely on your consent for processing of your personal data, you also have the right to withdraw your consent to such processing, subject to certain limitations at law.
You may withdraw your consent in the following ways:
- Marketing Communications: Where you have provided your consent to marketing communications, you may withdraw your consent by following the opt-out instructions provided in the Managing Communication Preferences section in our Notice, except that the contact to manage any email or Catalog subscriptions in the UK is marketing@uk.cdw.com.
- Cookies and Related Technologies: Where you have provided your consent for the use of cookies and related technologies, you may withdraw your consent by following the instructions provided in our Cookie Notice.
- Contact Us: You may also withdraw your consent by contacting us as set forth in the How to Contact Us section below.
To submit a request, please contact us as set forth in the How to Contact Us section below or by filling out our Rights Request Form. We may need to verify your identity before processing your request, which may require us to obtain additional personal data from you. In certain circumstances, we may decline a request to exercise the rights described above.
If you have any complaints regarding our privacy practices, you have the right to lodge a complaint with your national data protection authority (i.e., supervisory authority). You may also contact our Lead Supervisory Authority, the Information Commissioner’s Office of the United Kingdom, with any questions about our privacy practices.
Changes to these Disclosures
We may update these Disclosures from time to time. When we make changes to these Disclosures, we will change the date at the beginning of these Disclosures to include the "Last Updated" date. If we make material changes to this Notice, we will notify you by email to your registered email address, by prominent posting on our online services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided in the notification.
How to Contact Us
If you have any questions or requests in connection with this Notice or other privacy-related matters, please send an email to personaldatainquiry@cdwemail.com.
Alternatively, inquiries may be addressed to:
Global Compliance & Ethics
CDW Limited
3rd Floor, 10 Fleet Place
London, EC4M 7RB
UK