Privacy Policy & Data Safeguards
Cope Plastics, Inc., an Illinois corporation (“we” or the “Company”) believes that privacy is important with regards to the use of the Internet. This privacy policy (this “Privacy Policy”) sets forth Cope Plastics’ privacy practices for our applications (“Apps”), software, the website located at https://www.copeplastics.com/ (together with all information, pages and subpages hosted thereunder, the “Website”), APIs, and services (collectively, the “Services”), and describes the practices that the Company will follow with respect to the privacy of users of this Services.
This policy applies to information we collect:
- on this Website;
- through our Apps, which provide dedicated non-browser-based interaction between you and the Company; and
- in email, text, and other electronic messages between you and the Company, including through the Services.
It does not apply to information collected by:
- us offline or through any other means; or
- any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Services.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Services. By accessing or using this Services, you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy, below). Your continued use of the Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
What is Personal Information?
“Personal Information” is information by which you may be personally identified, such as your name, unique user name, e-mail address, mailing address, telephone number, other contact and demographic information, password, phone number, and payment information.
How is information collected?
The information we collect on or through our Services includes information (including Personal Information) provided by you directly, such as information that you provide by filling in forms on our Services, information requested from you when you report a problem with our Services, and records and copies of your correspondence (including email addresses), if you contact us. We may request that you voluntarily supply us with information, including Personal Information, so that we may enhance your visit or follow up with you after your visit. Whether you provide any information is entirely up to you.
Additionally, when you use the Services, we may automatically collect certain information, such as your device type and Internet Protocol address, your operating system, the browser type, the address of a referring web site, your activity on the Services, device ID for your mobile device, and information about your use and activity through the Services collected through cookies, web beacons, and other tracking technologies. The information we collect automatically is statistical data and does not include Personal Information, but we may maintain it or associate it with Personal Information we collect in other ways or receive from third parties. It helps us to improve our Services and to deliver a better and more personalized service. We treat this information as Personal Information only if we combine it with or link it to any of the Personal Information mentioned above. Otherwise, it is used in the aggregate only.
Some web browsers may transmit “do not track” signals. Web browsers may incorporate or activate these features differently, making it unclear if users have consciously activated them. As a result, at this time we do not take steps to respond to such signals.
What are cookies and web beacons and how are they used?
The Services, like many other commercial web sites, may utilize a standard technology called “cookies” to collect information about how our site is used. Cookies were designed to help a web site operator determine that a particular user had visited the site previously and thus save and remember any preferences that may have been set while the user was browsing the site. Cookies are small strings of text that web sites can send to your browser. Cookies cannot retrieve any other data from your hard drive or obtain your e-mail address. If you are simply browsing one of our information sites, a cookie may be used to identify your browser as one that has visited the site before. We may also make use of memory-based cookies in support of authenticating the user of certain of our web applications.
Pages of our the Website and our other Services may also contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity).
How is information used?
We use information that we collect about you or that you provide to us, including any Personal Information:
- To present our Services and their contents to you.
- To provide you with information, products, or services that you request from us.
- To provide, support, personalize, and develop our Services.
- If applicable, to create, maintain, customize, and secure your account with us.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses.
- To personalize your experience and to deliver content and product and service offerings relevant to your interests.
- To allow you to participate in interactive features on our Services.
- To process your requests, purchases, transactions, and payments and prevent transactional fraud.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
- To notify you about changes to our Services or any products or services we offer or provide though our Services.
- To help maintain the safety, security, and integrity of our Services, products databases and other technology assets, and business.
- For testing, research, analysis, and product development, including to develop and improve our products and Services.
- To fulfill any other purpose for which you provide it.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by the Company about our users is among the assets transferred.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
How is information disclosed?
In some circumstances, we may share information you voluntarily provide us with trustworthy business partners. We do not sell or rent Personal Information collected through the Services to anyone, but we may disclose Personal Information that we collect or you provide as described in this Privacy Policy:
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business.
- To enforce or apply our Terms of Use or Terms & Conditions of Sale and other agreements, including for billing and collection purposes.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by the Company about our users is among the assets transferred.
- To fulfill the purpose for which you provide it.
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our users or customers, or others.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
- We do NOT share or sell phone numbers used exclusively for the purpose of SMS between Cope Plastics and our business partners
Also, the Company may provide aggregate statistics about visitors to our sites, such as volume, traffic to the site, and related site information to reputable third-party vendors, but these statistics will include no Personal Information. The Company may also disclose information in special cases when we have a good faith belief that such action is necessary to: conform to legal requirements or comply with legal process, protect and defend our rights or property or act to protect the interests of our users or others.
What are your choices regarding collection, use, and distribution of your information?
If you have voluntarily provided information, you consented to the collection and use of your Personal Information as described in this Privacy Statement. If, in connection with your use of a particular Service, we ask to use your data in a way not described in this Privacy Statement and you do not wish to permit that use, you can choose not to use the particular Service.
You have the ability to modify the settings in your web browser to accept, reject or notify you of any cookies. However, if you select this setting you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Services.
If you have voluntarily provided Personal Information, we may, from time to time, send you mail or e-mail regarding products and services. If you wish to not receive further communications from the Company, please contact us at corp-web@copeplastics.com to be removed from our database.
How does Cope Plastics protect your information?
We exercise great care to protect your Personal Information. This protection includes, among other things, using industry standard techniques such as firewalls, encryption, intrusion detection and site monitoring. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Services like message boards. The information you share in public areas may be viewed by any user of the Services.
Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your Personal Information, we cannot ensure or warrant the security of any information you transmit to us or receive from us. This fact is especially true for information you transmit to us via e-mail. We have no way of protecting that information until it reaches us. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Services. Once we receive your transmission, we make our best effort to ensure its security on our servers.
Internally, we will restrict access to your Personal Information to employees who need access to the information in order to do their jobs. These employees are committed to our privacy policies.
We will review our security arrangements from time to time as we deem appropriate.
Children Under the Age of 13
The Services are not intended for children under 13 years of age. No one under age 13 may provide any Personal Information to or through the Services. We do not knowingly collect Personal Information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of the Services, make any purchases through the Services, use any interactive or public comment features of the Services or provide any information about yourself to us, including your name, address, telephone number, email address, any screen name or user name you may use, or any other Personal Information. If we learn we have collected or received Personal Information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at corp-web@copeplastics.com.
California Privacy Rights
Under California’s “Shine the Light” law, California residents are entitled to request and obtain from us certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please send an email to corp-web@copeplastics.com or write us at: Cope Plastics, Inc., Attn: Shine the Light Request, 4441 Industrial Drive, Alton, IL 62002.
Other sites
The Services may contain links to other sites, including those of our business partners. While we seek to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or privacy and security practices and policies of these websites or any other sites that are linked to from the Services, or any damage to, or viruses that may infect your computer equipment or other property, or for any loss or corruption of data resulting from any third party website navigated to or accessed from links hosted on or contained in the Service.. If you decide to access any website linked to in the Services, you do so entirely at your own risk. We do not guarantee that you will receive an alert when you leave the Services, and it is your responsibility to determine when you have left the Services. Any Personal Information you provide on linked pages or applications is provided directly to that third party and is subject to that third party’s privacy policy. We encourage you to learn about their privacy and security practices and policies before providing them with Personal Information.
Information Received From Third Parties
If you choose to connect your account on our Services to your account on another service, we may receive information from the other service. You may also choose to grant us access to your data from another service. You can stop sharing the information from the other service with us by removing our access to that other service.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about any third party’s policies or procedures, you should contact the responsible provider directly.
Changes to Our Privacy Policy
It is our policy to post any changes we make to our Privacy Policy on this page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for periodically visiting our Website and this Privacy Policy to check for any changes.
Contact Information
To ask questions or comment about this privacy policy and our privacy practices, contact us at:
Cope Plastics, Inc.
Attn: Copyright Concerns
4441 Industrial Drive
Alton, IL 62002
Email: corp-web@copeplastics.com
Telephone: (800) 851-551
_________________________________
Cope Plastics Data Safeguards
The following terms describe the technical and organizational measures, internal controls and information security requirements that Cope Plastics, Inc. maintains to safeguard company data as well as data provided by or on behalf of our partners (customers/vendors) in conducting business with Cope Plastics, Inc.
These security measures are intended to protect Cope Plastics, Inc’s data and Partner data when in Cope Plastics, Inc’s environments (e.g., systems, networks, facilities) against accidental, unauthorized or unlawful access, alteration, loss, or destruction.
When Cope Plastics, Inc and/or Partner data includes personal data, our implementation of and compliance with these measures is designed to provide an appropriate level of security in respect of the processing of the personal data. Cope Plastics, Inc may change these measures from time to time, without notice, so long as any such revisions do not materially reduce or degrade the protection provided for the Partner Data.
Likewise, Cope Plastics, Inc expects any partners accessing our systems or accessing Cope Plastics, Inc. company data as part of any implementation project or in providing support/maintenance services will also comply with these security measures that are put in place to protect Cope Plastics, Inc employees and company assets.
STANDARD DATA SAFEGUARDS:
- Organization of Information Security
-
- Security Ownership. Cope Plastics, Inc has a Systems Security Officer (SSO) responsible for coordinating and monitoring security policies and procedures.
- Security Roles and Responsibilities. Cope Plastics, Inc’s personnel with access to Partner Data will be subject to confidentiality obligations.
- Risk Management Program. Cope Plastics, Inc will have a risk management program in place to identify, assess and take appropriate actions with respect to risks related to the processing of the Partner Data in connection with the applicable agreement between the Parties.
- Asset Management
-
- Asset Inventory. Cope Plastics, Inc will maintain an asset inventory of its infrastructure, network, applications and cloud environments. Cope Plastics, Inc will also maintain an inventory of its media on which Partner Data is stored. Access to the inventories of such media will be restricted to personnel authorized by the SSO to have such access.
- Data Handling. Cope Plastics, Inc will
-
-
- Classify Partner Data to help identify such data and to allow for access to it to be appropriately restricted.
- Limit printing of Partner Data from its systems to what is minimally necessary to perform services and have procedures for disposing of printed materials that contain Partner Data.
- Require its personnel to obtain appropriate authorization prior to storing Partner Data outside of contractually approved locations and systems, remotely accessing Partner Data, or processing Partner Data outside the Parties’ facilities.
-
- Personnel Security Training
-
- Cope Plastics, Inc will
-
-
- Inform its personnel about relevant security procedures and their respective roles.
- Inform its personnel of possible consequences of breaching the security rules and procedures.
-
- Physical and Environmental Security
-
- Physical Access to Facilities. Cope Plastics, Inc will implement and maintain procedures to limit authorized access to its facilities where information systems that process Partner Data are located.
- Physical Access to Components. Cope Plastics, Inc will maintain records of the incoming and outgoing media containing Partner Data, including the kind of media, the authorized sender/recipients, date and time, the number of media, and the types of Partner Data they contain.
- Component Disposal. Cope Plastics, Inc will use industry standard (e.g., ISO 27001, CIS Sans 20, and/or NIST Cyber-Security Framework, as applicable) processes to delete Partner Data when it is no longer needed.
- Communications and Operations Management
-
- Cope Plastics, Inc will maintain security documents describing its security measures and the relevant procedures and responsibilities of its personnel who have access to Partner Data.
- Mobile Device Management (MDM)/Mobile Application Management (MAM). Cope Plastics, Inc will maintain a policy for its mobile devices that:
-
-
- Enforces device encryption.
- Prohibit use of blacklisted apps.
- Prohibits enrollment of mobile devices that have been “jail broken.”
-
-
- Data Recovery Procedures. Cope Plastics, Inc will
-
-
- Have specific data recovery procedures with respect to its systems in place designed to enable the recovery of Partner Data being maintained in its systems.
- Review its data recovery procedures at least annually.
- Log data restoration efforts with respect to its systems, including the person responsible, the description of the restored data and where applicable, the person responsible and which data (if any) had to be input manually in the data recovery process.
-
- Malicious Software. Cope Plastics, Inc will
-
- Have anti-malware controls to help avoid malicious software gaining unauthorized access to Partner Data, including malicious software originating from public networks.
- Data Beyond Boundaries. Cope Plastics, Inc will
-
- Encrypt Partner Data that it transmits over public networks.
- Protect Partner Data in media leaving its facilities (e.g., through encryption).
- Implement automated tools where practicable to reduce the risks of misdirected email, letters, and / or faxes from its systems.
- Event Logging
-
- For its systems containing Partner Data, Cope Plastics, Inc will log events consistent with its stated policies or standards.
- Access Control
-
- Access Policy. Cope Plastics, Inc will
-
-
- Maintain a record of security privileges of individuals having access to Partner Data via its systems.
-
-
- Access Authorization. Cope Plastics, Inc will
-
-
- Maintain and update a record of personnel authorized to access Partner Data via its systems.
- When responsible for access provisioning, promptly provision authentication credentials.
- Deactivate authentication credentials where such credentials have not been used for a period of 90 days.
- Deactivate authentication credentials upon notification that access is no longer needed (e.g. employee termination, project reassignment, etc.) within 24 hours.
- Identify those personnel who may grant, alter or cancel authorized access to data and resources.
- Ensure that where more than one individual has access to its systems containing Partner Data, the individuals have unique identifiers/logins (i.e., no shared ids).
-
- Least Privilege. Cope Plastics, Inc will
-
- Only permit its approved personnel to have access to Partner Data when needed
- Maintain controls that enable emergency access to productions systems via privileged ids, temporary ids or ids managed by a Privileged Access Management (PAM) solution.
- Restrict access to Partner Data in its systems to only those individuals who require such access to perform their job function.
- Limit access to Partner Data in its systems to only that data minimally necessary to perform the services.
- Support segregation of duties between its environments so that no individual person has access to perform tasks that create a security conflict of interest (e.g., developer/ reviewer, developer/tester).
- Integrity and Confidentiality. Cope Plastics, Inc will
-
- Instruct its personnel to disable all sessions and lock workstations when leaving premises or when computers are otherwise left unattended.
- Cope Plastics, Inc will
-
- Use industry standard (e.g., ISO 27001, CIS Sans 20, and/or NIST Cyber-Security Framework, as applicable) practices to identify and authenticate users who attempt to access its information systems.
- Where authentication mechanisms are based on passwords require that the passwords are renewed regularly.
- Where authentication mechanisms are based on passwords, require the password to contain at least eight characters and three of the following four types of characters: numeric (0-9), lowercase (a-z), uppercase (A-Z), special (e.g., !, *, &, etc.).
- Ensure that de-activated or expired identifiers are not granted to other individuals.
- Monitor repeated attempts to gain access to its information systems using an invalid password.
- Maintain industry standard procedures to deactivate passwords that have been corrupted or inadvertently disclosed.
- Use industry standard password protection practices, including practices designed to maintain the confidentiality and integrity of passwords when they are assigned and distributed, as well as during storage.
- Multi Factor Authentication. Cope Plastics, Inc will
-
- Implement Multi-Factor Authentication for internal access and remote access over virtual private network (VPN) to its systems.
- Penetration Testing and Vulnerability Scanning of Cope Plastics, Inc Systems.
-
- At least annually, Cope Plastics, Inc will perform penetration and vulnerability assessments on Cope Plastics, Inc’s IT environments in accordance with Cope Plastics, Inc’s internal security policies and standard practices.
-
- Cope Plastics, Inc agrees to share summary level information related to such tests as conducted by Cope Plastics, Inc to the extent applicable to the Services.
- Network and Application Design and Management. Cope Plastics, Inc will
-
- Have controls to avoid individuals gaining unauthorized access to Partner Data in its systems.
- Use network-based web filtering to prevent access to unauthorized sites.
- Use network intrusion detection and / or prevention in its systems.
- To the extent technically possible expect that the Parties will work together to limit the ability of Cope Plastics, Inc personnel to access non-Partner and non-Cope Plastics, Inc environments from the Partner systems.
- Maintain up to date server, network, infrastructure, application and cloud security configuration standards.
- Scan its environments to ensure identified configuration vulnerabilities have been remediated.
- Patch Management
-
- Cope Plastics, Inc will have a patch management procedure that deploys security patches for its systems used to process Partner Data that includes:
-
-
- Defined time allowed to implement patches (not to exceed 90 days for high or medium patches as defined by Cope Plastics, Inc’s standard); and
- Established process to handle emergency or critical patches as soon as practicable.
-
- Workstations
-
- Cope Plastics, Inc will implement controls for workstations it provides that are used in connection with service delivery/receipt incorporating the following:
-
-
- Software agent that manages overall compliance of workstation and reports at a minimum on a weekly basis to a central server
- Encrypted hard drive
- Patching process so that workstations are patched within the documented patching schedule
- Ability to prevent blacklisted software from being installed
- Antivirus with a minimum weekly scan
- Firewalls installed
-
- Information Security Breach Management
-
- Security Breach Response Process. Cope Plastics, Inc will maintain a record of its own security breaches in its systems with a description of the breach, the time period, the consequences of the breach, the name of the reporter, and to whom the breach was reported, and the process for recovering data.
-
- Service Monitoring. Cope Plastics, Inc’s security personnel will review their own logs as part of their security breach response process to propose remediation efforts if necessary.
- Business Continuity Management
-
- Cope Plastics, Inc will have processes and programs that are aligned to ISO 22301 to enable recovery from events that impact its ability to perform in accordance with the Agreement.
-
- Technical Supplementary Measures:
-
-
- The Partner Data in transit between Cope Plastics, Inc entities will be strongly encrypted with encryption that:
-
-
-
-
- is state of the art,
- secures the confidentiality for the required time period,
- is implemented by properly maintained software,
- is robust and provides protection against active and passive attacks by public authorities, including crypto analysis, and
- does not contain back doors in hardware or software, unless otherwise agreed with the applicable Partner.
-
-
-
-
- The Partner Data at rest and stored by any Cope Plastics, Inc entities will be strongly encrypted with encryption that:
-
-
-
-
- is state of the art,
- secures the confidentiality for the required time period,
- is implemented by properly maintained software,
- is robust and provides protection against active and passive attacks by public authorities, including crypto analysis, and
- does not contain back doors in hardware or software, unless otherwise agreed with the applicable Partner.
-
-
-
- Organizational Supplementary Measures:
-
- The Partner Data transfer between Cope Plastics, Inc entities and the processing by any Cope Plastics, Inc entities will be in accordance with:
- Cope Plastics, Inc’s internal policies and procedures to manage requests from public authorities to access personal data,
- Cope Plastics, Inc’s internal data access and confidentiality policies and procedures,
- Cope Plastics, Inc’s internal data minimization policies and procedures, and
- Cope Plastics, Inc’s internal data security and data privacy policies and procedures.
- The Partner Data transfer between Cope Plastics, Inc entities and the processing by any Cope Plastics, Inc entities will be in accordance with: