SELF-REGULATORY FRAMEWORK POLICY FOR THE EU-U.S. PRIVACY SHIELD
HBR Consulting (“HBR”) participates in the EU-U.S. Privacy Shield Framework, including the Privacy Shield Principles and Supplemental Principles (collectively, the “Privacy Shield Principles”), regarding the collection, use and retention of personal information about data subjects in the European Union. To learn more about the EU-U.S. Privacy Shield program and to view HBR’s certification, please visit the Privacy Shield website. HBR subjects to the Privacy Shield Principles all personal information received from the EU in reliance on the Privacy Shield. In compliance with this framework, this policy explains:
- What type of personal information we collect and why we collect it
- How we use that personal information
- The choices we offer, including how to access and update information
TYPES OF PERSONAL INFORMATION WE COLLECT
HBR collects personal information from individuals who visit our public website. We may also collect personal information from our suppliers and from individual representatives of our corporate customers.
When persons visit our publicly available website www.hbrconsulting.com, we may collect the following types of personal information:
- Contact information
- Event registrations and preferences
- Resume and applicant information for those applying to job openings
- Feedback and reviews or request for support
- Log files, information collected by cookies and similar technologies about the pages viewed, links clicked and other actions taken when accessing our website
- Activities, interactions, preferences, transactional information and other computer and connection information (such as IP address) relating to use of our website and our services
When persons and companies conduct business with HBR, we may collect the following types of personal information:
- Contact information
- Financial and billing information
WHY WE COLLECT PERSONAL INFORMATION AND HOW WE USE IT
HBR collects and uses personal information in the following ways:
- Personalizing information about our services
- Personalizing your experience on our website
- Providing services and support to our customers
- Conducting business with our suppliers and other third parties
- Considering résumés and applications received by applicants for job vacancies with HBR entities, including all elements of the procedure leading up to deciding whether to offer, subject to any appropriate background checks, the applicant a position
- Providing online education for teaching certificates and arranging temporary placements to enable students of such programs to obtain practical experience
- Other purposes disclosed at the time of collection or otherwise compatible with the above, and the Privacy Shield Principles
In instances where information is transferred to HBR through a client data controller and HBR is acting as the processor, HBR will assist the client data controller in complying with the Privacy Shield Principles where applicable.
WHY WE SHARE PERSONAL INFORMATION AND WITH WHOM WE SHARE IT
HBR may share personal information we collect from individuals with the following types of third parties and for the following purposes:
- Subsidiaries who process personal information on behalf of HBR for the purposes of supporting and providing services to its customers
- Third party service providers contracted to provide services on behalf of HBR for discrete business purposes such as provision of IT related services, event planning, talent recruiting, and travel services
- Other corporate entities if HBR undergoes a business transition such as a merger, acquisition by another company, or sale of all or a portion of its assets
- Third party entities with whom HBR works in providing a service, such as educational establishments with whom HBR collaborates to provide training and certification, and organizations at which HBR arranges for students to obtain practical experience
OPTING OUT, ACCESSING, UPDATING YOUR PERSONAL INFORMATION
We will retain your personal information for as long as needed to provide you services, comply with our legal obligations, resolve disputes and enforce our agreements. In instances where HBR is acting as the data controller, HBR will provide on a consent form, web page, or email footer directions as to how to opt out regarding whether your personal information is to be disclosed to a third party or used for a purpose that is materially different from the purpose(s) for which it was originally collected. To the extent that HBR processes sensitive personal data, HBR adheres to the Choice Principle and the Sensitive Data Supplemental Principle, and obtains affirmative express consent consistent with those Principles, where applicable.
You have the right to access the personal information we possess and direct us to correct, amend or delete that information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, as appropriate, in accordance with the Access Principles of the relevant framework. HBR may limit or deny access consistent with the Privacy Shield Principles.
If you have questions, complaints or concerns regarding this Self-Regulatory Frameworks Policy or wish to access your personal information, or update, change or remove your personal information, please contact firstname.lastname@example.org, or send mail addressed to:
Attn: Chief Compliance Officer
440 S La Salle St Ste 2250, Chicago IL 60605
If you wish to opt out of receiving marketing or other communications, you can either respond using the opt out button in the relevant communication, or by contacting us by one of the methods listed above.
HBR takes reasonable and appropriate measures to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the data.
INDEPENDENT DISPUTE RESOLUTION
When we receive written complaints, we will follow up with the person who made the claim. For personal information from the EU processed by HBR under the Privacy Shield Principles, we have designated the International Centre for Dispute Resolution, a division of the American Arbitration Association (“ICDR/AAA”) as our independent recourse mechanism to address complaints and provide appropriate recourse free of charge to individuals covered by the Privacy Shield. We encourage you to raise with HBR any complaints or concerns you have regarding HBR’s adherence to the Privacy Shield Principles prior to proceeding to ICDR/AAA. The website for submitting complaints to the ICDR/AAA can be found here.
INVESTIGATORY AND ENFORCEMENT POWERS OF THE FTC
HBR is subject to the investigatory and enforcement powers of the US Federal Trade Commission.
Individuals covered by Privacy Shield may seek binding arbitration to determine, for residual claims, whether HBR has violated its obligations under the Privacy Shield Principles regarding your personal information and whether any such violation remains fully or partially unremedied – this option is only available for these purposes. For additional information about the Privacy Shield arbitration process, please visit the Privacy Shield website at Privacy Shield Arbitration.
REQUIREMENT TO DISCLOSE
HBR may disclose personal information in special cases when we have a good faith belief that it is necessary to (a) conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) protect and defend our rights or property; (c) enforce the website Terms and Conditions; or (d) act to protect the interests of our users or others.
TRANSFERS TO AGENTS
If a third-party service provider providing services to HBR processes personal information from the EU that is subject to the Privacy Shield in a manner inconsistent with the Privacy Shield Principles, HBR will be liable unless we can prove we are not responsible for the event giving rise to the damages.