Huron Privacy Notice for U.S. Employees, Directors, Officers, and Contractors
Huron Consulting Group Inc. and its subsidiaries: Huron Consulting Services LLC; Huron Advisors Canada Limited; Huron Eurasia India Private Limited; Huron Managed Services LLC; Huron Transaction Advisory LLC; Innosight Consulting, LLC; Innosight Consulting Asia-Pacific Pte. Ltd; Innosight Consulting SARL; Pope Woodhead and Associates Limited; and, The Studer Group, L.L.C. (“Huron” or “we” or “our” or “us”) are committed to protecting the privacy of our employees, directors, officers, and contractors (collectively, “People,” or “you” or “your”), in the same way that we are committed to protecting the privacy of our clients, customers, marketing leads, website visitors and job applicants.[1] This Privacy Notice (“Privacy Notice” or “Notice”) sets out the privacy practices for Huron with respect to Personal Data and Personal Information (collectively, “Personal Information,” which means any information that relates to, identifies, describes, or can be reasonably associated or linked with a natural person or household) we obtain from and about our People in the United States.[2]
Additionally, if you are a resident of California, the California Consumer Privacy Act 2018 (“CCPA”) grants you the right to receive this notice which informs you of the categories of personal information to be collected by Huron and the purposes for which the categories shall be used; however, for reasons specific to the unique nature of the relationship between an organization and its people, the CCPA does not grant the additional CCPA access/deletion rights which it grants to certain customers.
Regardless of the effect of the CCPA or any other law which applies only to subsets of our People, Huron encourages everyone to reach out to their supervisor, Human Resources, or Huron’s Chief Privacy Officer (firstname.lastname@example.org) with any privacy questions or concerns, regardless of what data protection laws apply at any given time based on location or residency. Finally, please note that this Privacy Notice will be updated from time to time as U.S. federal and state data protection laws evolve, and we will post an updated Notice on Huron’s iNet when we make such changes.
Categories of Personal Information We Process About Our People
In the table below, we have enumerated categories of Personal Information to communicate the Personal Information we collect about or from you. Our Personal Information processing activities related to our People are generally the same throughout the entire organization and are what you would expect from any similarly reputable employer; however, not everything below may apply to you, for several reasons. Some of the differences in processing activities are caused by differences in state laws, differences in local office and engagement practices, and the fact that this Notice applies to an interconnected yet varied group of individuals (for example, officers and directors may not be part of our ordinary payroll or recruiting processes, and contractors may not be part of the same benefits processes as employees). This Privacy Notice should be read and understood in the reasonable context of your particular relationship with Huron.
[1] Huron maintains a separate Privacy Statement at https://www.huronconsultinggroup.com/privacy which covers our clients and customers (future, present, and past), marketing leads, website visitors and job applicants. You are encouraged to review and understand the Huron Privacy Statement, so that when you interact with these outside parties and individuals you process their Personal Information only in ways that comply with the commitments we have made in the Huron Privacy Statement.
[2] Huron maintains a separate European Data Protection Notice based on the separate legal requirements of the EU General Data Protection Regulation (GDPR) and UK Data Protection Act 2018.
Page 2 of 5 CONFIDENTIAL AND PROPRIETARY

| Categories of Personal Information | Does Huron Collect this About You? |
| --- | --- |
| A. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. | Yes. We collect identifying information about our People. It is critical for an employer to do so. |
| B. Any categories of personal information described in subdivision (e) of Section 1798.80 (i.e., any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information) | Yes. We collect these additional categories of identifying information about our People. It is critical for an employer to do so. There are, however, reasonable limits based on what you would expect. For example, to the extent we have Personal Information related to your insurance, driving, or banking information, it is for the purposes described in the section below on “Purposes for Processing Personal Information” (e.g., payroll, reimbursement, insurance, official travel, credit checks, etc.). |
| C. Characteristics of protected classifications under California or federal law (subject to change under the law, but for example: race, color, sex, gender identity and expression, sexual orientation, age, religion, national origin, disability, citizenship status, and genetic information). | Yes. We collect these categories of Personal Information to comply with the law (e.g., equal employment law); you may voluntarily disclose them for employee engagement initiatives (e.g., when you join an iMatter team, though not necessary, you may choose to state your inclusion in one of these protected classifications); we also collect this category of Personal Information for Huron-sponsored visa and immigration assistance; and for workplace accommodations. |
| D. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | We generally do not collect or maintain this category of Personal Information (with minor exceptions – e.g., credit checks required by Huron or its clients, submitted travel and work expenses, and a record of any mobile device you purchased through Huron’s plan). |
| E. Biometric information. | No. However, access to Huron’s third-party data center (to which very few People have access) is controlled in part by biometric identifiers (e.g., fingerprint scans), and that third-party maintains a separate required notice provided to our People who have access to the data center. |
| F. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement. | Yes, while you are using Huron IT resources, per the Employee Handbook, Electronic Communication and Use of Technology Policy, and Global Information Security Policy, your use of those Huron IT resources is subject to monitoring as necessary. We do not collect information about your use of the Internet or other electronic activity outside of Huron’s IT-controlled environment (e.g., when you are at home on your personal computer). |
| G. Geolocation data. | Yes, while you are using Huron IT resources, per the Employee Handbook, Electronic Communication and Use of Technology Policy, and Global Information Security Policy, your use of Huron’s IT resources is subject to monitoring as necessary. That function is critical to Huron’s IT Security (e.g., to locate stolen Huron laptops or mobile phones). We do not collect your geolocation data on devices other than Huron’s IT resources. |
| H. Audio, electronic, visual, thermal, olfactory, or similar information. | Not much, and only what you would expect. As described in the section below on “Purposes for Processing Personal Information,” this category of Personal Information may be collected for physical security, including CCTV at Huron office locations on security systems, but would be overwritten after a set period of time. We also electronically monitor the use of Huron’s web properties, as described in Category F above. |
| I. Professional or employment-related information. | Yes. We collect professional or employment-related information about our People. It is critical for an employer to do so. |
| J. Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99). | Yes, as part of the ordinary job application and internal or client background check process, we typically collect education information, such as degree confirmations or degree transcripts. |
| K. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Not really. We don’t collect inferences to create a profile, but, as is the case with every employer, we do have a recruitment file for job applicants, and an HR file which includes performance reviews that track expected categories of Personal Information such as job performance, behavior, attitudes, abilities, and aptitudes. |

Purposes for Processing Your Personal Information
Huron processes the above-mentioned categories of Personal Information for the purposes listed in this section. While the list below is thorough, no general privacy notice or statement can be entirely static, so in addition to updating this Notice as appropriate, we may also provide you with additional short (i.e., “just-in-time”) notices to supplement the information in this Notice. Additional short notices will be given, as appropriate, at the time we collect additional Personal Information from you or when we process your Personal Information for additional purposes.
A. HR Management
Huron processes Personal Information for proper Human Resources (“HR”) management. This includes processing to establish and perform our contract with you, recruitment and background checks, maintain or terminate our relationship with you, manage work activities and People; for payroll accounting, compensation and benefits management (including occupational pension schemes); expense management; time and attendance management; performance reviews (including evaluations, promotions, transfers, career planning); to administer training and talent development; leave management; facilitate relocations and international assignments (e.g. immigration); to maintain organizational structure and report on headcount; to maintain a Huron directory; to manage People relations and disciplinary matters, grievances and claims; for surveys; to manage safety and travel arrangements; to establish, track and monitor inclusion and diversity programs or initiatives; and to satisfy legal and regulatory requirements (such as income tax and national insurance deductions).
B. Business Operations
Huron processes Personal Information to manage its everyday business operations. This includes processing Personal Information for: organizational analysis, headcount, management reporting; managing Huron assets and the global workforce, including through central databases, where necessary; allocating Huron assets and staffing, work planning, both administratively and organizationally (including work schedules and billing of clients); project management; maintaining records on business activities; maintaining records on volunteer hours for volunteer related events sponsored by Huron; budgeting, HR metrics and communications; travel management and planning.
C. Physical and Network Security, Communications and IT
Huron will process Personal Information to manage and control access to Huron or Huron’s facilities, systems, applications, records and equipment (“Facilities”); to protect intellectual property or Personal Information, trade or business secrets, Confidential Information, and other assets; and review access to Huron Facilities in the event of an incident or, where needed, to investigate unauthorized access, loss or theft or data breaches and incidents. This includes processing Personal Information to: create and manage user IDs, badges, keys, and other access management methods to make sure individuals have appropriate permission before accessing Huron Facilities (i.e., access control and prevention of unauthorized access); monitor Huron Facilities (including through the use of closed circuit television and other types of cameras) to protect people, and protect against theft, vandalism and damage to Huron property; monitor use of Internet, e-mail and systems and applications (as set forth in Huron’s Electronic Communication and Use of Technology Policy) and manage and track office equipment, intellectual property, and other property. This also includes processing records of access to Facilities or authorized areas (e.g., recording entrance and exit of individuals) to adequately investigate any unauthorized access, loss or theft.
D. Health and Safety
Huron processes Personal Information to help maintain the health and safety of its employees. This includes processing of Personal Information to: protect the health and safety of employees and others; implement and maintain emergency and/or exposure management programs concerning hazardous substances; assess the working capacity of an individual, reintegration (including checking and monitoring fit for work status) or providing support and care for individuals entitled to benefits in connection with illness or partial or full work incapacity, detecting and responding to an incident, managing the employee health file, providing you with social benefits that depend on the state of an individual’s health (e.g., parental leave, sick leave), and maintaining proper documentation.
E. Compliance with statutory requirements, laws, and client obligations
Huron processes Personal Information to comply with legal and other requirements to which Huron is subject. This includes processing Personal Information to: investigate and respond to compliance cases and hotline submissions; screen employees against anti-money laundering, terrorist, or other sanctioned party list(s) imposed on Huron; perform credit and background checks on behalf of Huron or its clients; comply with governmental inspections, investigations or other requests from government or other public authorities; respond to legal processes or court orders; pursue legal rights and remedies; investigate, prepare for, participate in and defend litigation; and manage any internal or external complaints or claims.
Contact Us
We take great measures to ensure that your relationship with Huron is satisfying and that your privacy is respected. As stated at the beginning of this Notice, if you have any questions, comments or concerns about our privacy practices, please contact Huron’s Chief Privacy Officer by e-mail at email@example.com. You may also contact your supervisor or HR business partner if you prefer and if you believe they will be able to answer your questions as well.
Effective as of January 1, 2020
What personal information do we collect from the people that visit our blog, website or app?
When registering on our site, as appropriate, you may be asked to enter your name, email address or other details to help you with your experience.
When do we collect information?
We collect information from you when you fill out a form or enter information on our site.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
- To send periodic emails regarding your order or about our products and services.
- To follow up with you after correspondence (live chat, email or phone inquiries).
How do we protect your information?
We do not use vulnerability scanning and/or scanning to PCI standards.
We only provide articles and information. We never ask for credit card numbers.
We use regular Malware Scanning.
We do not require users to provide their name or email address. It is at their discretion whether they choose to provide it.
Do we use ‘cookies’?
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, some features will be disabled. It won’t affect your experience on our website, but since cookies make your site experience more efficient, some features may not function properly.
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We do not include or offer third-party products or services on our website.
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
- Rights under the CCPA. To the extent Perception Health, Inc. (“Perception,” “We,” or “Us”) is subject to the obligations and mandates of the CCPA, We shall afford a California-resident user at least the following rights:
  - the right to know what personally identifiable information (“PII”) is collected, used, shared, or sold both as to the categories and specific pieces of PII;
  - the right to delete PII, held by Perception and, by extension, the third-party service providers of Perception;
  - the right to opt-out of the sale of personal information, including PII; users may direct Perception to cease, terminate, and stop the sale of users’ PII;
  - the right to non-discrimination in terms of price, service, access, use, or consumption of Perception’s resources when the user exercises a privacy right available under the CCPA; and
  - all other obligations and mandates available under the CCPA, available at Cal. Civ. Code § 1798.100 et seq, effective as of January 1, 2020.
- Exercising Your Rights under the CCPA. You may exercise any of the foregoing rights by contacting us in accordance with the section titled “Contacting Us.” Please be advised that We may request you to verify your identity prior to responding or to fulfilling your requests.
- Sale of Your Information. Please be advised that while we may not sell your information and data, including PII, third-party service contractors with whom we contract may do so. Please consult the privacy policies of the third-party service providers.
You can change your personal information by emailing us.
COPPA (Children’s Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to complying with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action: Should a data breach occur, we will notify you via email within seven business days.
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN-SPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at firstname.lastname@example.org.
Last Edited on November 9, 2021.