Schneider Downs (as defined below) complies with the EU-U.S. Data Privacy Framework (EU U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Schneider Downs has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Schneider Downs has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program and to view our certification, please visit dataprivacyframework.gov/.
Schneider Downs & Co., Inc. and its entities (collectively “Schneider Downs,” “we,” “us,” or “our”) take your privacy seriously. We believe it is important for you to understand when, how, and why we collect personal information as you utilize our products and services, use our website, contact us, or interact with us in any manner.
This Privacy Policy outlines the scope of our relationship with you and your personal information, and details your rights to control how we use your data. Schneider Downs is committed to compliance with data protection and privacy laws and protecting the privacy of its users, and we endeavor to always be good stewards of your data.
This Privacy Policy applies to the collection and use of personal information by Schneider Downs & Co., Inc., Schneider Downs Wealth Management, Schneider Downs Capital, and Schneider Downs Digital.
Schneider Downs collects certain personal information about our clients, potential clients, and partners. The type of information we collect is based on how you interact with us, including by retaining our services or using our website. Our legal bases for processing your personal information include our legitimate interests in running and promoting our business, the performance of a contract, legal or regulatory obligations, or client consent.
We collect information about our users in the following ways:
1. Information you give us
In order for you to access certain services and/or products, we may require you to provide us with information that personally identifies you (“Personal Information”). Personal Information may include: (i) Contact Data (such as your name, mailing and e-mail addresses); (ii) Financial Data (such as your account or credit card number); (iii) Demographic Data (such as your zip code, age and income); and (iv) Location Data (such as IP address or geological data).
2. Information we collect about you
As is typical of most websites, certain information is automatically collected about the way you use our website. This information helps us improve the quality, usability, and performance of the services we offer to you through aggregate information that does not reveal your specific identity and cannot reasonably be used to identify any particular individual user. Common information we collect may include: IP address, device identifier, browser type, operating system, information about your use of the website, and data regarding network-connected hardware. The information collected is obtained by user input and in the form of “cookies” (a small file containing the address of the website and codes that your browser sends back to the website each time you visit a page to provide the user a more personalized experience.)
This site also uses Google Analytics in connection with our website to gather data such as age, gender and interests to provide advertising targeted to suit your interests and preferences. Google Analytics collects anonymous information that is not used to identify a particular user. This information helps us better understand how visitors use our website and detect and defend against fraud and other security risks.
3. Information we receive from other sources
We also may obtain information about you from other sources, including third-party services in order to enhance our ability to provide relevant services and offers to you. Such collection may occur on certain parts of the website that are powered and facilitated by third parties such as the Schneider Downs Client Portal (powered by Suralink), Make A Payment Portal (powered by Pineapple Payments), the Career Portal and Talent Accusation Portal (powered by Cornerstone), Wealth Management Orion Client Portal (powered by Orion Advisor Tech), Wealth Management Charles Schwab Portal (powered by Charles Schwab), Wealth Management 401(k) Plan Portal (powered by SD Retirement Solutions), Wealth Management Elite Money Portal (powered by eMoney Advisor, LLC) and the Wealth Management Fidelity Investments Portal (powered by Fidelity Investments). We will treat such data in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided by third parties or for third-party policies or practices.
We collect your data to help us manage our relationship with you, including responding to your requests or queries, meeting our obligations under any contracts we have entered into with you, billing and invoicing, seeking feedback on the services we have provided to you, or providing you with information about other services we offer that are similar to those that you have already engaged or inquired about. We also collect your data for security-related processing (e.g., automated scanning of incoming and outgoing e-mails for viruses), to provide customer support, including to manage your use of services and send customer updates and administrative communications, such as changes to our terms, conditions, and policies. We may also use your data to investigate and prevent fraudulent activities, unauthorized access to our services, and other illegal activities. We may collect your data for any other purposes for which we will notify any impacted clients.
We also use your personal information to market to you, including sending you promotional materials or communications regarding services by us, or to send you information which we think may be of interest to you, but only in accordance with your marketing preferences. You will always be able to opt-out of such communications at any time by visiting our Email Preference Center (https://schneiderdowns.com/opt-out/).
We collect your personal information to comply with our legal and regulatory obligations, including in relation to financial crime laws and regulations and establishing, exercising and defending legal claims.
We will share and disclose information about you in the following limited circumstances:
We will share your personal information with the following Schneider Downs entities for purposes consistent with this Privacy Policy: Schneider Downs & Co., Inc., Schneider Downs Wealth Management, Schneider Downs Capital, and Schneider Downs Digital.
We will also share your information with consultants, professional advisers (such as accountants, lawyers and auditors), and certain vendors and service providers to process your personal information on our behalf. These companies are not permitted to use your information for their own purposes and may only handle your data at our express direction. We use these companies to provide products, services, communication, marketing offers, and customer services, among other tasks. We assess the technical and organizational security measures of all third-party service providers Schneider Downs engages to ensure the protection of your personal information.
We will also share your data with third-party business partners who sponsor events and other offerings with us. We share personal information with these co-sponsors when you sign up for events or offerings to allow our partners to send you marketing communications and information that may be of interest to you, as permitted under applicable law.
We will share your personal information where we have a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce any contract or other agreements; or to protect the rights, property, or safety of Schneider Downs, our clients, or others. Under certain circumstances, we may be required to disclose your personal information if we are under a legal or regulatory obligation to do so including to meet security or law enforcement requirements.
We employ various physical, electronic and managerial measures, including education and training of our personnel, which are designed to reasonably and appropriately protect personal data from loss, misuse or unauthorized access, disclosure, alteration or destruction. These measures include limiting access and using industry best practice controls such as firewalls and encryption for personal data. Personal data collected or displayed through a website is protected in transit by standard encryption processes, but we cannot guarantee the security of information on, or transmitted via, the internet.
We retain personal information about you for the period necessary to fulfill the purposes outlined in this Privacy Policy or until you notify us to remove you from our database, unless a longer or shorter retention period is required or permitted by applicable law, rule, or regulation.
Schneider Downs complies with the EU-U.S. Data Privacy Framework (“EU U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) as set forth by the U.S. Department of Commerce. Schneider Downs has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Economic Area (“EEA”) in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Schneider Downs has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program and to view our certification, please visit dataprivacyframework.gov/. You can also verify our self-certification to the DPF and check the information we have provided by viewing our details on the DPF list.
The Federal Trade Commission has jurisdiction over Schneider Downs’ compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.
We may transfer personal information to our third-party agents and service providers who perform functions on our behalf as described herein. Where required by the DPF, we enter into written agreements with those third-party agents and service providers requiring them to provide the same level of protection the DPF requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps to ensure that third-party agents and service providers process personal information in accordance with our DPF obligations and to stop and remediate any unauthorized processing. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of personal information that we transfer to them.
In some cases, we may transfer personal information to unaffiliated third-party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your personal information to third-party data controllers for the purposes of sending you marketing communications and information that may be of interest to you, as permitted under applicable law. We will only provide your personal information to third-party data controllers where you have not opted-out of such disclosures, or in the case of sensitive personal information, where you have opted-in if the DPF requires consent. We enter into written contracts with any unaffiliated third-party data controllers requiring them to provide the same level of protection for personal information the DPF requires. We also limit their use of your personal information so that it is consistent with any consent you have provided and with the notices you have received. If we transfer your personal information to one of our affiliated entities within our corporate group, we will take steps to ensure that your personal information is protected with the same level of protection the DPF requires.
Under certain circumstances, we may be required to disclose your personal information in response to valid requests by public authorities, including to meet national security or law enforcement requirements. We will only do so in accordance with the DPF Principles.
Under the DPF, you have rights in relation to your personal data. These include:
You may have the right to access the personal data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the DPF. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your personal data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances, we may charge a reasonable fee for access to your information.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Schneider Downs commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EEA, UK, and Swiss individuals with inquires or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Schneider Downs at: Privacy Office, Schneider Downs & Co., Inc., One PPG Place, Suite 1700, Pittsburgh, PA 15222, [email protected],. 1-877-444-7326
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Schneider Downs commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit JAMS EU U.S. Data Privacy Framework Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Schneider Downs commits to cooperate and comply respectively with the advice of the panel established by EU data protection authorities (“DPAs”), the UK Information Commissioner’s Office (“ICO”) and the Gibraltar Regulatory Authority (“GRA”), and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship.
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have taken the following steps: (1) raised your complaint directly with Schneider Downs and provided us the opportunity to resolve the issue; (2) made use of the independent dispute resolution mechanism identified above; and (3) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see https://www.dataprivacyframework.gov/framework-article/D–Binding-Nature-of-Decisions.
If you are a resident of the State of California, you have additional rights regarding your personal information under the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”), specifically:
To exercise any of your rights under the CPRA please email us at [email protected] or contact us at 1-877-444-7326.
1. Collection of Personal Information
The table below identifies, generally, the categories of personal information (as defined by the CPRA) that we have collected about California residents in the past twelve (12) months. Please note that not all examples listed in the table below are collected from every consumer, and we may not collect all items listed as examples in a particular category.
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
A name, signature, Social Security Number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Age (40 years or older), race, color, ancestry, national origin, citizenship or immigration status, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.
Audio, electronic, visual, thermal, olfactory, or similar information
Current or past job title.
2. Disclosure of Personal Information
The table below identifies, generally, the categories of personal information (as defined by the CPRA) that we have disclosed about California residents in the past twelve (12) months. Please note that not all examples listed in the table below are disclosed, and we may not disclose all items listed as examples in a particular category.
A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.
A name, signature, Social Security Number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Age (40 years or older), race, color, ancestry, national origin, citizenship or immigration status, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement.
3. Sale of Personal Information
Schneider Downs does not sell your personal information to anyone under any circumstances and has not sold any personal information in the past 12 months.
Information relating to present or former Schneider Downs personnel is subject to our Confidential Data Policy, which is available to current Schneider Downs personnel on the Schneider Downs intranet site and to former Schneider Downs personnel upon request.
Information obtained from, or relating to, clients or former clients is further subject to the terms of any privacy notice to the client, any engagement letter or other similar letters or agreements with the client, and applicable laws and professional standards.
If you have any questions about this Policy or would like to request access to your personal data, please contact us at Privacy Office, Schneider Downs & Co., Inc., One PPG Place, Suite 1700, Pittsburgh, PA 15222, [email protected], [1-877-444-7326.
We reserve the right to amend this Privacy Policy.
Effective date: 01/01/2025
Last modified: 01/14/2025
Receive all the latest insights and industry tips.
Schneider Downs is a Top 60 independent Certified Public Accounting (CPA) firm providing accounting, tax, audit and business advisory services to public and private companies, not-for-profit organizations and global companies. We also offer Internal Audit; Technology Consulting; Software Solutions; Personal Financial Services; Retirement Plan Solutions and Corporate Finance Services. Schneider Downs is the 13th largest accounting firm in the Mid-Atlantic region and serves individuals and companies in Pennsylvania (PA), Ohio (OH), West Virginia (WV), New York (NY), Maryland (MD), and additional states in the United States with offices in Pittsburgh, PA, Columbus, OH, and McLean, VA.
© 2024 Schneider Downs & Co., Inc. Maryland license number 35239.
Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.
