Charles River’s Privacy Shield Policy

Privacy Statement

Effective Date: September 30, 2016
Last Modified: March 11, 2020

This Privacy Shield Policy (“Policy”) describes how Charles River Systems, Inc. d/b/a Charles River Development (“Charles River”) and its United States (“US”) subsidiaries Charles River Brokerage, LLC and Charles River Development, Inc. collect, use, and disclose certain personally identifiable information that we receive in the US from the European Union and the United Kingdom (“Personal Data”). This Policy supplements our Website Privacy Policy located at, and unless specifically defined in this Policy, the terms in this Policy have the same meaning as the Website Privacy Policy. Charles River has elected to self-certify to the EU-US Privacy Shield Framework administered by the US Department of Commerce (“Privacy Shield”), with respect to such Personal Data. Charles River’s certification can be found at:

For purposes of enforcing compliance with the Privacy Shield, Charles River is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at:

Personal Data Collection and Use

Charles River may receive the following categories of Personal Data in the US: Data provided by its customers or their partners for processing in connection with the software and services Charles River provides, human resources and recruiting data in connection with its employee relations, website data as identified in, and marketing & sales data, including voluntarily provided contact information. To the extent that Charles River customers input Personal Data into Charles River’s products and services, there is no way to distinguish such Personal Data from any other type of data. Charles River will only process Personal Data in ways that are compatible with the purpose that Charles River collected it for, or for purposes the data subject later authorizes. Before Charles River uses Personal Data for a purpose that is materially different than the purpose we collected it for or a purpose later authorized by the data subject, Charles River will provide you with the opportunity to opt out.

By providing Charles River with unsolicited sensitive personal data, you explicitly consent to such data being collected, processed and transferred by Charles River.

Data Transfers to Third Parties

Third-Party Agents or Service ProvidersCharles River may transfer Personal Data to its third-party agents or service providers who perform functions its behalf. Where required by the Privacy Shield, Charles River enters into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the Privacy Shield requires and limiting their use of Personal Data to the specified services provided on Charles River’s behalf. Under certain circumstances, Charles River may remain liable for the acts of its third-party agents or service providers who perform services on its behalf for their handling of Personal Data that Charles River transfers to them.

Compelled Disclosure: Under certain circumstances, Charles River may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.


Charles River maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.

Access Rights

EU and UK data subjects may have the right to access the Personal Data in Charles River’s possession, and to limit use and disclosure of such Personal Data. Concerns regarding Personal Data not collected by Charles River, but provided to Charles River from its customers for processing should be addressed to the parties who provided the Personal Data for processing. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your Personal Data, you can submit a written request to Charles River via the contact information provided below. Charles River may request specific information from you to confirm your identity. In some circumstances Charles River may charge a reasonable fee for access to your information.

Questions or Complaints

In compliance with the Privacy Shield Principles, Charles River commits to resolve complaints about our collection or use of your personal information. Charles River will investigate and attempt to resolve any complaints or disputes regarding the collection or use of your Personal Data within 45 days of receiving your complaint.

Independent Recourse

For any unresolved Privacy Shield complaints, Charles River has agreed to cooperate with the EU and UK data protection authorities (DPAs).

In addition to above, Charles River is committed to cooperate with the appropriate panel(s) established by the relevant (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU or UK in the context of the employment relationship.

Privacy Shield also affords the opportunity, under certain conditions, for the individual to invoke binding arbitration.

Contact Us

EU or UK individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Charles River by email to the Director of Risk Management, with “Privacy Shield: “ in the subject line.

Risk Management

Changes To This Policy

We reserve the right to amend this Policy from time to time consistent with the Privacy Shield’s requirements.