PRIVACY STATEMENT

HBR Consulting LLC (“HBR” or “we” or “our” or “us”) are committed to protecting your privacy when you interact with us.

This Privacy Statement (“Privacy Statement or “Statement”) sets out the privacy practices for HBR with respect to information, including Personal Data (which means any information relating to an identified or identifiable natural person), we obtain from and about individuals interacting with HBR and its websites, mobile applications, and services. All Personal Data that we collect, other than information collected in the employment context, is subject to this Privacy Statement.

If you are visiting our site from the European Union (“EU”) or where applicable EU data protection laws so provide, please see the section below titled, “Your EU Privacy Rights” for additional information.

 

Types of Personal Data Collected

The type of Personal Data we collect depends on how you use this website or interact with HBR.

When you visit our publicly available website, we may collect the following types of information, including Personal Data, from you:

  • Contact information
  • Event registrations and preferences
  • Feedback and reviews or request for support
  • Log files, information collected by cookies and similar technologies about the pages viewed, links clicked and other actions taken when accessing our website, which may be considered Personal Data under applicable laws (see our Cookie Policy for more information).
  • Activities, interactions, preferences, transactional information and other computer and connection information (such as IP address) relating to the use of our website and our services
  • Resume and applicant information for those applying to job openings

When you conduct business with HBR, we may collect the following types of Personal Data:

  • Contact information
  • Financial and billing information
  • Event registrations and preferences
  • Feedback and reviews or request for support
  • Activities, interactions, preferences, transactional information and other computer and connection information

If you apply for employment with HBR, we may collect and process Personal Data to administer and evaluate the application.

HBR also collects Personal Data from other HBR entities (including those listed at the beginning of this Statement). In addition, HBR receives Personal Data from third parties who provide services to us, such as web analytics providers.

 

How We Use Personal Data

HBR collects and uses Personal Data for our legitimate interests as set out herein, or based on your consent (in which case we would ask you separately to provide your consent to a particular processing activity):

  • Personalizing information about our services
  • Personalizing your experience on our website
  • Providing services and support to our customers, which may also be necessary for the performance of a contract with you
  • Conducting business with our suppliers and other third parties
  • Considering resumes and applications received by applicants for job vacancies with HBR entities, including all elements of the procedure leading up to making a decision whether to offer, subject to any appropriate background checks, the applicant a position. Some job applicant data processing may also be necessary to comply with legal obligations
  • Other purposes disclosed at the time of collection or otherwise compatible with the above and applicable law

In instances where information is transferred to HBR through a client data controller and HBR is acting as the processor, the processing is necessary for the performance of a contract or for our legitimate interest to provide the requested services to our clients. HBR will assist the client data controller in complying with its legal obligations and the Privacy Shield Principles, discussed below in the International Transfers of Your Personal Data section, where applicable.

 

With Whom We Share Personal Data

HBR may share Personal Data we collect with the following categories of third parties and for the following purposes:

  • Subsidiaries who process Personal Data on behalf of HBR for the purposes of supporting and providing services to its customers
  • Third party service providers contracted to provide services on behalf of HBR for discrete business purposes such as provision of IT related services, event planning, talent recruiting, and travel services
  • Other corporate entities when a business transaction occurs such as a merger or acquisition

HBR may disclose Personal Data in special cases when we have a good faith belief that it is necessary: (a) to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) to protect and defend our rights or property; (c) to enforce the website Terms and Conditions; or (d) to protect the interests of our users or others.

 

Retention of Data

We will keep your Personal Data as reasonably necessary to fulfill the purposes for which Personal Data is collected as stated herein; for as long as is necessary for the performance of the contract between you and us, if any; and to comply with legal and statutory obligations, such as in tax, trade and corporate laws. When we no longer need your Personal Data for our purposes, we will destroy, delete or erase that Personal Data or convert it into an anonymous form.

 

Choice You Have About How HBR Uses Your Personal Data

We strive to provide you with as many choices and as much control as possible regarding the Personal Data you provide to us.

If you have questions, complaints or concerns regarding this Privacy Statement or wish to access your Personal Data, or update, change or remove your Personal Data, please contact privacy@hbrconsulting.com, or send mail addressed to:

HBR Consulting LLC
Attn: Chief Compliance Officer
440 South La Salle Street Suite 2250
Chicago, IL 60605

If you wish to opt out of receiving marketing or other communications, you can either respond using the opt out button in the relevant communication, or by contacting us by one of the methods listed above.

 

How HBR Protects Your Personal Data

HBR takes reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the data.

 

Links

This website may contain links to or from other websites. Please be aware that we are not responsible for the privacy practices of other websites. This Privacy Statement applies only to the information we collect on this Site or as otherwise described herein. We encourage you to read the privacy notices of other websites you link to from our Site or otherwise visit.

 

Children’s Privacy

This website is not intended for children under the age of 13. We will not knowingly collect information from website visitors in this age group. By using the Site, you represent that you are age 13 or over. If you believe that a child may have provided his or her Personal Data to us, please contact us using the contact information at the end of this Statement. In the event that we become aware that we have collected Personal Data from a child under the age of 13, we will dispose of that Personal Data immediately.

 

California Do Not Track Disclosures

When you visit a website (such as HBR’s website), your browser automatically shares certain information with that website, such as your IP address and other device information, which may also be considered Personal Data under applicable laws. Some of this data may also be sent to third-party content providers (for example: advertisers, website analytic companies, etc.) that provide content on the website. Such sharing may allow the website and/or content providers to track you over time and across multiple websites. At this time, HBR’s website does not respond to Do Not Track beacons sent by browser plugins as there is not yet a common agreement about how to interpret Do Not Track signals from browsers. Please visit our Cookie Policy to learn even more about cookies and similar technologies.

 

International Transfers of Your Personal Data

By using the website or providing Personal Data to HBR, your Personal Data may be transferred to the United States where HBR is headquartered. If you are not a resident of the United States, your country’s laws governing data collection and use may differ from those in the United States. For example, the data protection laws of the United States have not been found by the European Commission to provide the same level of protection as EU data protection law. Some of the third parties with whom we share your Personal Data are also located in third countries that do not provide the same level of protection to your Personal Data. Certain third countries have been officially recognized by the European Commission as providing an adequate level of protection (list available here) Transfers to third parties located in countries outside the European Economic Area (“EEA”) take place using an acceptable data transfer mechanism, such as the EU-U.S. Privacy Shield for transfers to self-certified U.S. organizations, the EU Standard Contractual Clauses, Binding Corporate Rules, approved Codes of Conduct and Certifications or in exceptional circumstances on the basis of permissible statutory derogations. Please contact privacy@hbrconsulting.com if you want to receive further information or, where available, a copy of the relevant data transfer mechanism.

 

EU-U.S. and Swiss-U.S. Privacy Shield

HBR complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States. HBR has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Our Privacy Shield certification applies to all U.S. entities and subsidiaries covered in our Privacy Shield certification record, accessible here. HBR and its controlled U.S. subsidiaries subject to the Privacy Shield Principles hold, process or transfer all Personal Data received from the EU or Switzerland in reliance on the Privacy Shield. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. HBR is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

If you are in the EU or Switzerland, you have the right to access the Personal Data we possess and direct us to correct, amend or delete that information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, as appropriate, in accordance with the Access Principle. HBR may limit or deny access consistent with the Privacy Shield Principles.

When we receive written complaints submitted as instructed above, we will follow up with the person who made the claim. If you have a complaint or concern, please contact us and we will attempt to resolve it. If we are unable to do so, we have designated the International Centre for Dispute Resolution, a division of the American Arbitration Association (“ICDR/AAA”), as our independent recourse mechanism to address complaints and provide appropriate recourse free of charge to individuals covered by the Privacy Shield. The website for submitting complaints which have not been resolved directly by HBR can be found here. Individuals covered by the Privacy Shield may seek binding arbitration for limited types of claims. For additional information about the Privacy Shield arbitration process, please visit the Privacy Shield website at Privacy Shield Arbitration.

If a third-party service provider providing services to HBR processes Personal Data from the EU or Switzerland that is subject to the Privacy Shield in a manner inconsistent with the Privacy Shield Principles, HBR will be liable unless we can prove we are not responsible for the event giving rise to the damages.

 

Your EU Privacy Rights

If you are visiting the website from the EU or where applicable EU data protection laws so provide, you may exercise the following rights regarding your Personal Data:

Access. You have the right to obtain from us confirmation if your Personal Data is being processed and certain information in this regard.

Rectification. You have the right to request the rectification of inaccurate Personal Data and to have incomplete data completed.

Objection. You have the right, when we process Personal Data on the grounds of legitimate interests, to object to the processing of your Personal Data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing. In addition, you have the right to object at any time where your Personal Data is processed for direct marketing purposes.

Portability. You may receive your Personal Data that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit them to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.

Restriction. You may request to restrict processing of your Personal Data (i) while we verify your request – if you have contested the accuracy of the Personal Data about you which we hold; (ii) if the processing is unlawful and you oppose the erasure of it and request restriction instead; (iii) if we no longer need it, but you tell us you need it to establish, exercise or defend a legal claim; or (iv) while we verify your request if you have objected to processing based on public or legitimate interest.

Erasure. You may request to erase your Personal Data if it is no longer necessary for the purposes for which we have collected it, you have withdrawn your consent and no other legal ground for the processing exists, you objected and no overriding legitimate grounds for the processing exist, the processing is unlawful, or erasure is required to comply with a legal obligation.

Right to lodge a complaint. You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, or the location where the issue that is the subject of the complaint occurred.

Right to refuse or withdraw consent. Please note that in case we ask for your consent to certain processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences. The lawfulness of any processing of your Personal Data that occurred prior to the withdrawal of your consent will not be affected.

If you have questions about exercising any of those rights or their applicability to any of our particular processing activities or have questions about any data transfer mechanism or want a copy thereof, you may contact us at privacy@hbrconsulting.com or at the address provided above.

 

Contact Us

We have taken great measures to ensure that your visit to our website and your interactions with HBR are satisfying and that your privacy is respected. Unless otherwise stated, HBR is a data controller for Personal Data processed subject to this Statement. If you have any questions, comments or concerns about our privacy practices, please contact us by e-mail at privacy@hbrconsulting.com or telephone at 1-800-832-7599.