OVERSEAS MILITARY SALES GROUP DATA PRIVACY FRAMEWORK (DPF) COMPLIANCE POLICY

  1. Overseas Military Sales Corporation – OMSC Ltd and its affiliates, Overseas Military Sales Operations, Inc., Priority Assist, Inc., and Military Car Sales Inc. affirm their participation EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and Swiss-US Data Privacy Framework (Swiss-US DPF). For more information on the Data Privacy Framework program you may go https://www.dataprivacyframework.gov/.
    1. OMSC and its affiliates collect the following data from their customers: 

      • Information about the customer provided directly to us by the customer, such as their name, mailing address, phone number, and e-mail address. 
      • Information provided on applications, orders or other forms or transactions, which may include but is not limited to a customer’s name, address, social security number, income information and sources that is not publicly available. 

      Information on any list, description, or other grouping of consumers (and publicly available information pertaining to them) derived from using any personally identifiable financial information that is not publicly available.

      • Information about a customer’s transactions with us, our affiliates, or others, such as balance and payment history.
      • Information obtained from the consumer’s employer or other employment-related sources to verify financial information. 
      • Information obtained from consumer reporting agencies, such as one’s credit history, credit score, and information that we obtain to verify employment history or that insurance coverage is in place. 
      • Information obtained through Internet “cookies” in connection with an inquiry about a financial product or service.

      All information is used exclusively for the processing of sales of our products to our customers. 

    2. OMSC and its affiliates collect the following data from their employees: employment, banking and health related information. 

    3. OMSC and its affiliates commit to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.

  2. OMSC and its affiliates comply with the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-US Data Privacy Framework (Swiss-US DPF) as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from European Union member countries, the United Kingdom (including Gibraltar) and Switzerland to the United States, respectively. OMSC and its affiliates have certified that they adhere to the DPF Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification page, please visit https://www.dataprivacyframework.gov/.  
  3. The point of contact is James Black, General Counsel for OMSC and its affiliates. 516-496-1825, jblack@militarycars.com
  4. Third parties to whom OMSC and its affiliates will disclose personal information to automobile manufacturers, banks and other lenders and the US DoD, Army, Air Force and Navy Exchanges. All disclosures are to facilitate the sale and marketing of their products to their customers. If OMSC and its affiliates ever were to engage in any onward transfers of your data with third parties for a purpose other than which it was originally collected or subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data. OMSC and its affiliates may have liability for disclosures resulting from onward transfer to third parties. 
  5. OMSC and their affiliates will advise customers whose personal data they are processing of their right under the Data Privacy Framework Principles (DPF Principles) to access, correct or delete their personal data. A customer who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct their query to jblack@militarycars.com. If requested to remove data, we will respond within a reasonable timeframe. 
  6. In compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and Swiss-US DPF Principles, OMSC and its affiliates commit to resolve complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom (including Gibraltan) or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact James Black, General Counsel for OMSC and its affiliates. 516-496-1825,  jblack@militarycars.com
  7. OMSC and its affiliates have further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, DATA PRIVACY FRAMEWORK SERVICES, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you. OMSC and its affiliates have further committed to cooperate with EU data protection authorities (DPAs), the UK Information Commissioner’s Office (UK ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved DPF complaints concerning human resources data transferred from the EU, the UK (including Gibraltar) and Switzerland in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs, the UK ICO, or the Swiss FDPIC for more information or to file a complaint. The services of EU DPAs, the UK ICO< and the Swiss FDPIC are provided at no cost to you. Please do not refer HR complaints to Data Privacy Framework Services.  
  8. If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.
  9. OMSC is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). 
  10. OMSC and its affiliates may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. 
  11. Your Additional Rights
    You have the right to:
    1. Review and correct your information that we store.

    2. A copy of our written security practices and procedures.

    3. Request to delete your data if we are no longer providing services.

    4. Opt out of receiving communications not directly related to the services.

    You may exercise any of the above rights by e-mailing  jblack@militarycars.com or calling 1-516-496-1825.