Types of Personal Data and Information We Collect
Personal data means any information relating to an identified or identifiable individual (“data subject”).
We collect personal data from and about individuals, including our employees and former employees; employees and representatives of our client companies, our suppliers, our vendors and other companies we deal with in the course of our business; other business contacts; website visitors; and job applicants.
The personal data collected may include names, addresses, telephone numbers (wireline and/or mobile), email addresses, company names, individual contact names and job titles, fax numbers, IP addresses, device identification and location information, service and site usage information, billing and transaction information, and credit card or other financial information.
We may collect other personal data depending on factors including the types of products or service(s) requested, provided or promoted.
How We Obtain Personal Data
We may obtain personal data in a number of ways, including from existing clients and potential clients, from employees and former employees, from vendors and suppliers, and from job applicants. We may collect personal data directly from individuals or from other sources such as an individual’s employer, business contacts, other third parties or publicly available sources. For example, a third party may give us contact information for individuals employed by companies that might be interested in our products and services.
We may obtain personal data at conferences, meetings, and seminars. We also may collect personal data through sources such as business or social networking sites.
We may use “cookies” and similar technology to collect information about visitors to our website and users of certain web-based products and services we offer, including information such as IP addresses, and device identification and location information.
Infrequently, e-mails we send may include tracking technology if necessary for a business purpose, including to obtain IP addresses, device identification or device location information for people who open our e-mails or click on links in our e-mails.
How and Why We Use and Share Personal Data
We use and share personal data for permissible purposes including use and sharing as necessary for the performance of a contract with the data subject; at the request of the data subject; as necessary for compliance with our legal obligations; and as necessary for the purposes of our legitimate interests or the legitimate interests of a third party, also taking into consideration the data subject’s rights.
Such permissible purposes include: direct marketing of our products and services; to contact individuals, or provide information to individuals, about products and services they have requested or that we think may interest the individual or their employer; for ongoing communications in the course of business discussions or a business relationship with an individual, their employer or a company they represent; in order to provide products and/or services to an individual, their employer or a company they represent; to request input for surveys, and for other input requests; for purposes relating to employment or previous employment by Auriemma, or an employment application; for billing, account management, technical support, and product development; in the course of purchasing or receiving products and/or services from an individual, their employer or a company they represent; to improve our products and services; to help prevent fraud and other illegal activity; as necessary or appropriate for our legitimate interests or the legitimate interests of a third party; in furtherance of our legal rights; and as necessary to comply with our legal obligations.
We obtain and use personal data necessary to process employment applications, to compensate our employees, to provide our employees access to benefits, to administer other employee programs and to comply with employment-related requirements and other applicable laws. Auriemma employees and job applicants are required to provide this personal data.
We also may use personal data for other permissible purposes described when the data is obtained, or thereafter as described in, or agreed upon through, supplemental documents or disclosures.
We share personal data with third parties as necessary or appropriate for legitimate business purposes. For example, contact information and other personal data of Industry Roundtable participants is shared with other participants; and personal data is shared with our vendors, suppliers, service providers and other third parties as necessary or appropriate for business purposes including to help us offer, provide, and bill for our products and services, or in connection with other business activities or arrangements. Agreements with these third parties establish confidentiality requirements or expectations as we deem appropriate. We share personal data with third parties as necessary to comply with, and subject to, applicable law; and in furtherance of our legal rights and obligations.
We may ask for consent to use or share personal data in other ways if not covered by this policy.
We use information that may be collected about individuals’ visits to our website or use of other web-based services we offer for business purposes including to analyze usage and administer our website, for operational and performance measurement, to identify visitors to our website and users of our other web-based services, and to help us improve the quality and usefulness of our website and our other web-based services.
International Transfer of Personal Data
Auriemma transfers personal data to, from and between our UK and US offices, and to third parties in the UK, US or other countries. These countries may not always have the same data protection or privacy laws in place as the data subject’s country, or may not be deemed to provide protections that are “adequate” or “equivalent” to the privacy requirements of the data subject’s country. Auriemma binds its US and UK offices to appropriate standards of personal data protection in accordance with applicable law. As explained above, agreements with third parties establish confidentiality requirements or expectations as we deem appropriate. Personal data we collect is transmitted to and stored in the US (as well as in the UK) and will become subject to US law, which may permit access to personal data by courts, law enforcement or the government.
How Long We Keep Personal Data
We keep personal data for the period of time necessary to fulfill the legitimate purposes for which we obtained and are using the personal data, unless a longer period is required or permitted by law.
How We Store and Help Protect Personal Data
Auriemma has technical, administrative, procedural and physical safeguards in place to help protect against unauthorized access to, use or disclosure of the personal data we obtain and store. Although we endeavor to protect this personal data, no method of transmission over the internet or method of electronic storage is 100% secure; therefore, we cannot guarantee our safeguards will prevent all unauthorized access to, use of or disclosure of personal data. Auriemma maintains information technology and data security policies, and information technology incident response plans.
Choices and Access to Personal Data
If required by law, a data subject may ask to access, update, correct, and, where reasonably practical or legally required, delete personal data held by Auriemma, or withdraw consent to certain uses of personal data if use of the personal data is based solely on consent. All such requests must be directed to the Auriemma Privacy Contact designated below in this policy.
Please note that if a data subject withdraws consent or requests deletion of certain information, and personal data such as contact information is deleted as a result, we may not be able to communicate or do business with that data subject or the data subject’s company.
We may take steps to verify a data subject’s identity before granting access or making changes to personal data.
We may decide to delete personal data if we believe it is incomplete or inaccurate, or for any other reason.
When we delete personal data in accordance with this policy and applicable law, it may remain in archives if it is not practical or possible to delete it. We may keep personal data as needed for any legitimate purpose, including compliance with our legal obligations, resolution of disputes, or enforcement of our rights.
Requests to unsubscribe from, or change marketing preferences with respect to, Auriemma marketing e-mails may be sent to email@example.com, or may be submitted to the Auriemma Privacy Contact designated below.
Website “cookies” may be blocked through an internet browser or other commercially available software, but doing so may make some of our website features unavailable, and some technologies might not be affected by browser controls.
Auriemma Privacy Contact
Please send any questions about this policy or requests regarding personal data directly to us via e-mail at firstname.lastname@example.org, or in writing to us at either of the following addresses:
Auriemma Consulting Group UK, Ltd.
10 Ely Place
London EC1N 6RY
Attention: Auriemma Privacy
Auriemma Consulting Group, Inc.
120 Broadway, Suite 3401
New York, NY 10271
Attention: Auriemma Privacy
Contacting Local Privacy Authority
In some countries, a data subject may have a right to lodge a complaint with the local authority responsible for privacy protection.
Policy Information and Updates
The term “including” as used in this policy means “including without limitation”, unless otherwise specified.
Effective May 25, 2018