←Back

BCG DIGITAL NRL PLATFORM PRIVACY POLICY

01. Who we are

This is the Privacy Policy for The Boston Consulting Group, Inc. and its affiliates (BCG or we). This privacy policy was last updated in October 2023. For more detail on BCG’s international operations please see https://www.bcg.com/about/offices/default.aspx

02. Applicability of this Privacy Policy

This Privacy Policy applies only to your use of the BCG Digital Non-Reliance Letter (NRL) Platform (the “Platform”). The Platform is designed as a streamlined process to acknowledge NRLs or access acknowledgement letters, and offer an efficient and secure way to grant access to materials, share materials, monitor the activity around the materials, and have the ability to restrict materials for the clients/3rd parties. The application will be beneficial to BCG through time savings for PIPE and Legal teams and reduction in risk through sharing materials securely with clients/ 3rd parties.

03. Important information about this Privacy Policy

BCG understands that your privacy is important. BCG is committed to protecting your privacy and personal data you provide in relation to your access and use of the Platform. This Privacy Policy (together with the Terms of Use, which you will also have to agree to, and any additional terms of use incorporated by reference into the Terms of Use) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This Platform is not intended for and does not intentionally target or solicit to children or anyone of 18 years of age and younger. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

04. Changes to this Privacy Policy

Please note that BCG may, in its discretion, amend this privacy policy from time to time. To ensure you are able to remain informed about the information we collect and how we use it, material changes to our statement will be reflected here and we will notify you whenever we make a material change to this Privacy Policy. The Platform may contain links to external sites or services which are not governed by this Privacy Policy. BCG does not take responsibility for the privacy practices of any third-party sites to which we link. We encourage you to review the privacy policies of any such sites before you submit information there.

Contact details

Our full details are Data Protection Office

Boston Consulting Group (BCG Inc):
200 Pier Four Boulevard, Boston, MA 02210,
Dataprotectionoffice@bcg.com

05. The data we collect about you

The Platform may collect, use, store and transfer the following personal data about you:

First name, last name, business email address, IP address/device identifier, geolocation, information about the completion of users’ tasks, about user activity and standard user logs.

We also collect, use and share aggregated data such as statistical data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate the data relating to details of your use of the Platform to calculate the percentage of users accessing a specific feature. However, if we do ever combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

06. Authentication through Okta

If you are a BCG user and you are using the Platform where applicable, you will need to authenticate with the third-party provider Okta Inc. (301 Brannan St Ste 300, San Francisco, CA 94107) with your personal username and a personal password. To do this, download the Okta Verify app and perform the authentication process. The regulations and data protection declaration of Okta, Inc. apply. We have no influence on and are not responsible for the data collection by Okta Inc. Your data will be processed exclusively for the purpose of authentication. After successful authentication you will receive personal access to our app. Here you register once with your e-mail address.

07. How your personal data is collected

The personal data processed in the platform is (i) directly by you form being filled (help or NRL request forms) or by email where you might share more details and/or provided (i) by your employer, Banks/Facilitators and BCG clients who are working with you and includes name, e-mail, job title.

We will collect your data based on your consent you provide by filling in form when you sign up to request help or access to materials, or by corresponding with us (for example, by email). It includes information you when you register or when you report a problem with the Platform. If you contact us, we will keep a record of that correspondence.

Cookie/Device storage objects
Essential Cookies

These cookies are essential to enable you to move around the Platform and use its core features. Without these cookies, the core features of the Platform (such as navigating between pages) cannot be provided. These cookies are also used to remember choices you make (such as your username, language, or the region you are in), recognize the Platform from which you access the Platform, and to ensure secure, accurate session management, the Internet Protocol (IP) address of your machine will be recorded for the period of time that you visit the Platform. Essential Cookies are enabled.

Google reCAPTCHA set cookie, which protects our site against spam enquiries on contact forms. This is a persistent cookie that persists in the browser and expires within 6 months from a user’s last use of the captcha component.

This Site uses the following functional cookies from Google: _GRECAPTCHA
Click here for Google’s privacy policy https://policies.google.com/privacy

08. Purposes for use Of your personal data

We process your personal information for the following purposes:

1. Managing your access to the Platform
2. Managing usage of the Platform;
3. Providing you support related to accessing and using the Platform
4. Corresponding with the user via email and informing the user about updates to the Platform
5. Improving the Platform content and navigation
6. Determining whether the tool is designed to work with the Device settings of a majority of users

09. How your personal data is USED

Personal information is processed in the following ways and in accordance with applicable data privacy laws, the processing is based on the lawful bases as stated below.

In some situations, as listed above we may need to process your personal data for the legitimate interests pursued by us for running the NRL process, unless consent is required specifically under applicable data privacy laws.

Where you have consented on or before the collection, use and/or disclosure of your personal data unless we are otherwise permitted to do so under applicable data privacy laws.

We process your personal information for the purposes described above: when we have your consent to do so, where applicable; when necessary to enter into a contract with you; when necessary for us to comply with a legal obligation; or when necessary for the purposes of our legitimate interests as a company operating globally. You may withdraw your consent at any time by sending an email to datasubjectrights@bcg.com.

10. Disclosure of Personal Data

The information you provide will naturally only be used for the purposes explained under this Privacy Policy and will not be disclosed to third parties. However, given the global nature of BCG, Personal data may be processed at various locations where BCG conducts business, including in the United States and other countries as well as to external service providers appointed by BCG or another BCG company to perform IT services, IT infrastructure, business, administrative, and management functions for BCG and cloud storage capabilities e.g. BCG maintains and stores personal information in systems and applications located in Europe and the United States, and the personal information is only accessible by authorized persons or vendors who are bound by privacy requirements. BCG appreciates the confidential nature of personal data and discloses it only as necessary for BCG’s valid business purposes or as required by law as described herein, although whenever possible to do so, information will be anonymized prior to its production.

We may also disclose your Personal Data to law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation. Further we may disclose your Personal Data to potential transaction partners, service providers, advisors, and other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company, or we sell or transfer all or a portion of our assets or business. Should such a sale or transfer occur, we will use reasonable efforts to obligate the entity to which we transfer your Personal Data to use it in a manner that is consistent with this Policy.

11. Data Retention

Personal data will only be kept as long as is reasonably necessary to fulfil the purpose for which it was collected. We may retain your personal information for longer if they may be the subject of a legal claim, or may otherwise be relevant for future litigation.

In some circumstances we will anonymise and/or aggregate your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

12. International Data Protection Standards

With respect to personal data about you residing in the EEA and UK, Switzerland, BCG adheres to legitimate cross-border data transfer mechanisms (namely Standard Contractual Clauses approved by the European Commission) and the principles of applicable data protection laws. Accordingly, third parties obtaining access to personal data about you for purposes of performing services for or on behalf of BCG, are required to assure BCG in writing that they will provide at least the level of privacy protection as BCG provides e.g. the appropriate safeguards have been put in place.

13. Data security

BCG handles personal data in accordance with BCG procedures to protect the integrity and security of the personal data, including conducting periodic reviews of personal data quality, purging obsolete information, and imposing security measures such as industry-standard technical, physical and administrative safeguards. We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

14. Your rights

In accordance with applicable data protection laws, including but not limited to the GDPR, have the right to access your personal data, you have a right to request a copy of the personal information we hold about you and details of how we use that information. If any of the information held about you is incorrect or out of date, you have the right to amend or rectify it. Please follow the process outlined below and we will amend our records where appropriate. You also have the right to require us to erase your personal data, stop processing your personal data, restricting the processing of your personal information, right of portability of your personal information, right of not be subject to automated decision making, including profiling and/or to withdraw your consent to processing. This may not apply if there are other legal justifications to continue processing.

If you think we may have incorrect personal information, or would like a copy of the personal information we hold on you, or to exercise any other data protection right, please contact us on our point of contacts below. Please note that we need you to prove who you are before we can provide you with any information. You also have a right to lodge a complaint with your local supervisory authority.

15. CONTACT US

If you have further questions on the topic of data protection, please contact us. For questions regarding the processing of your personal data, regarding access, rectification, blocking/restriction of processing or erasure of data, data transferability, objection to data processing and revocation of given consents, please contact us via:

Data Protection Office
Boston Consulting Group Inc.
200 Pier Four Boulevard
Boston, MA 02210
Contact Us

California
As required by the California Privacy Laws, this Privacy Policy describes the categories of personal data collected, processed, and disclosed by BCG, the categories of sources for that data, and the business or commercial purposes for which that data is collected, processed, and disclosed.

If you are a California resident, please see the California Addendum.