BCG Privacy Statement and Policy

Privacy policy in German

Introduction

This is the Privacy Statement (“Privacy Statement”) for The Boston Consulting Group, Inc. and its subsidiaries and affiliates ("BCG", “we”, “us”, or “our”). This Privacy Statement was last updated in November 2024. For more detail on BCG's international operations, please see https://www.bcg.com/offices/default.

BCG understands that your privacy is important. BCG is committed to protecting your privacy and personal information.

This Privacy Statement only applies to the personal information you provide or as you access and use materials on bcg.com or other BCG websites, including BCG subscription pages or other BCG websites or apps that post a link to this Privacy Statement (collectively, the “Site”) as well as personal information that you submit to BCG in response to a request for information or other outreach from BCG.

Depending on your relationship with BCG, additional or different privacy statements may apply to you. For our privacy practices in connection with the personal information of job applicants, potential candidates for employment, and participants of our optional recruiting programs and events, or personal information collected via our recruiting websites, please see our Recruitment Privacy Policy. For our privacy practices in connection with the personal information we obtain from your access to and use of our tools and solutions and the research and development thereof, please see our Solutions Privacy Statement.

If you are a U.S. resident, please see the U.S. Addendum at the end of this Privacy Statement for further details on how we handle your personal information and how to exercise your rights.

CHANGES TO THIS PRIVACY STATEMENT

BCG may, in its discretion, amend this Privacy Statement from time to time. To ensure you are able to remain informed, , changes to our Privacy Statement will be reflected here.

PERSONAL INFORMATION THAT WE COLLECT, AND HOW WE USE IT

What information do we collect?

Account, registration, subscription, and marketing

BCG collects information from you when you create your account or register for certain pages for the Site, request copies of publications, subscribe for email newsletters and press releases, seek additional information regarding our services, and for marketing communications (via emails, social media platforms) from BCG based on your consent where required.

Personal information that we collect includes names, addresses, email addresses, phone numbers, employment information that may identify you (such as company, job title, or position), IP address, geo location, subject areas of interest and/or demographic information.

If you do not provide such information, you may not be able to create an account or register for certain pages for the Site, request copies of publications, subscribe for email newsletters and press releases, or seek additional information regarding our services or employment opportunities.

Surveys and events

BCG collects information if you register for conferences and other BCG-sponsored events, and/or take part in surveys run by BCG.

Personal information that we collect includes names, email addresses, IP address, unique personal identifiers, subject areas of interest and/or demographic information.

In addition, we sometimes aggregate demographic information, and the types of systems and browsers of users BCG also may conduct user surveys on the web or use technologies to provide BCG with information on a number of areas, such as user identity, user viewing habits, whether or not users found what they were searching for, whether the Site content is relevant to user needs, and the like.

How do we use personal information?

The purposes and uses of your personal information will depend on the use of the Site and the personal information provided. We process your personal information:

  • For the purposes of safeguarding the legitimate business interests pursued by BCG. This includes:

    • Communicate with you and manage your requests in relation to your account, registration, subscriptions to BCG newsletters, publications, events and survey participations.
    • Tailoring your experience at the Site with relevant BCG materials.
    • Understanding the Site’s user population, identifying subject areas of interest, and determining whether the Site is designed to work with the computer settings of a majority of our visitors.
    • Measuring and improving the effectiveness of BCG marketing programs across different channels.
    • Improving our web content and navigation.
    • Informing you about updates to the service and notifying you about other products and services offered by BCG that may be of interest to you, including information regarding publications and events and track email engagement activity for internal use only.
  • On the basis of your consent where required. Insofar as you have granted us consent to the processing of personal information for specific purposes, the lawfulness of such processing is based on your consent. You may withdraw your consent at any time.
  • For compliance with a legal obligation. This includes anti-fraud and anti-money laundering measures as well as tax and social security requirements.

AUTHENTICATION THROUGH OKTA

In order to use the Site, where applicable, you may need to authenticate with the third-party provider Okta, Inc. (301 Brannan St Ste 300, San Francisco, CA 94107) with your personal username and a personal password. To do this, you will need to download the Okta Verify app and perform the authentication process. The regulations and data protection declaration of Okta, Inc. apply. We have no influence on and are not responsible for the data collection by Okta, Inc. Your data will be processed exclusively for the purpose of authentication. After successful authentication you will receive personal access to our app.

HOW WE MIGHT DISCLOSE YOUR PERSONAL INFORMATION

The third parties with whom we may need to disclose personal information to help us provide services and products to you and to run our Site include:

  • Our subsidiaries or affiliates
  • Our advisors
  • Our third-party service providers who process information on our behalf to help run some of our internal business operations including email distribution, IT services, the Site security and marketing and events services
  • To the third parties listed in our cookie consent managers. A detailed list of such third parties and cookies used on BCG.com and connect.bcg.com are available on our cookie consent managers.
  • Our business partners for publications and events co-organized by BCG and them
  • Law enforcement bodies in order to comply with any legal obligation or court order
  • BCG may disclose your contact information in response to inquiries by bona-fide rights owners in connection with allegations of infringement of copyright or other proprietary rights arising from information that you have posted on the Site or otherwise provided to BCG

We may also disclose your personal information to a third party in the event of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

Because BCG is a global organization, we may need to transfer personal information which is collected on the Site or through other means as described under this Privacy Statement across the BCG group of companies (http://www.bcg.com/about/offices/default) or to third parties listed above to help operate our business efficiently. These arrangements may involve your personal information located in various countries around the world where BCG and such third parties maintain and store personal information in systems and applications where privacy laws differ. The personal information is only accessible by authorized persons or vendors who are bound by privacy requirements, and we only make these arrangements or transfers where we are satisfied that adequate levels of protection are in place to protect personal information held in that country. In addition, the Site may be viewed and accessed anywhere in the world including countries that may not have laws regulating the use and transfer of personal information.

RETENTION OF YOUR PERSONAL INFORMATION

BCG retains your personal information for so long as is necessary to fulfil the purpose for which it was collected. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have an account with us or keep using our services) and the length of time thereafter during which we may have a legitimate need to reference your personal information to address issues that may arise
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
  • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations)

MARKETING

If, at any time, you prefer not to receive further marketing communications from us in any or all forms you will have the ability to unsubscribe from such communications by means of a link provided in every email that is sent to you by us. When subscribing to BCG email newsletters, you are given the opportunity to select which promotions, news, and information you would like to receive at the time of sign up, and you will have the opportunity to unsubscribe from such communications.

COOKIES AND OTHER TRACKING TECHNOLOGIES

BCG may use cookies on this Site and in our communications with you to keep track of your visit to our Site and our communications with you. A “cookie” is a small amount of data sent from a web server to your browser and stored on your computer’s hard drive. Other tracking technologies work similarly to cookies and place a small amount of data on your devices to monitor your website activity to allow us to collect information about how you use our Site and our services. With most internet browsers, you can erase cookies from your computer hard drive, block all cookies, or receive a warning before a cookie is stored on your computer. Please refer to your browser instructions or you can visit https://www.aboutcookies.org/ which will give you more information. Please be advised that certain sections or functionalities of the Site may be inaccessible to you if your browser does not accept cookies. We do not currently respond to browser do-not-track signals.

A detailed list of cookies used on BCG.com and connect.bcg.com are available on our cookie consent managers.

RECORDING OF USER EXPERIENCE

On bcg.com, BCG utilizes a third-party provider, Contentsquare, to record user sessions, including clicks, hovers, swipes, and what you may be viewing on the website, and create insights based on such information. Before deploying Contentsquare’s session replay technology, BCG obtains your consent via our cookie consent manager on bcg.com. If you have previously provided your consent, but now wish for BCG to stop utilizing Contentsquare’s session replay technology, please adjust your cookie settings on the cookie consent manager on bcg.com to only utilize essential cookies. For more information on Contentsquare’s privacy practices, please visit Contentsquare’s services privacy policy.

SECURITY PROCESSES

BCG has in place appropriate technological and operational security processes designed to protect personal information. Only authorized employees and contractors will have access to any personal information provided by you, and that access is limited by need. Each employee or contractor having access to any personal information is obligated to maintain its confidentiality. Although we take steps that are generally accepted as industry standard to protect your personal information, BCG cannot guarantee that your personal information will not become accessible to unauthorized persons and BCG cannot be responsible for any actions resulting from a breach of security when personal information is supplied over the internet or any public computer network.

LINKS TO OTHER WEBSITES

This Site contains links to other websites not operated by BCG.

BCG is not responsible for the privacy practices or the content of any non-BCG websites to which we link from the Site. We are not responsible for the protection and privacy of any information you provide whilst visiting other websites and sites not governed by our Privacy Statement. We cannot control the content or security of such websites. We cannot be held responsible for any loss or damage incurred by a user as a result of visiting such websites. No links are intended to be, nor should be construed as, an endorsement of any kind by us of that other website.

COMPLIANCE WITH LAW

BCG may be compelled to surrender personal information to legal authorities if presented with a court subpoena or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state, or other applicable jurisdiction. Also, in the event of a violation of the terms and conditions of use of the Site or a violation of any restrictions on use of materials provided in or through the Site, we may disclose personal information to our affected business partners or legal authorities.

YOUR RIGHTS

Depending on where you reside, you may have the following rights in accordance with applicable data privacy laws. You have a right to request a copy of the personal information we hold about you and details of how we use that information. If any of the personal information held about you is incorrect or out of date, you have the right to amend or rectify such personal information. You also have the right to request that we erase your personal information, stop processing your personal information, restrict the processing of your personal information, and provide your personal information in a portable format. Where processing of personal information is based on your consent, you may withdraw your consent to such processing. This may not apply if there are other legal justifications to continue processing. You also may have a right to lodge a complaint with a relevant supervisory authority.

If you would like to exercise any of your data protection rights, please contact the appropriate data protection point of contact in the “Contact Us” section of this Privacy Statement. Please note that we may need you to prove who you are (including providing additional information from you) before we can act on your request.

CHILDREN

BCG understands the importance of protecting children's privacy, particularly in their online interactions. This Site is not designed for and does not intentionally target or solicit to children 18 years of age and younger.

CONTACT US

For further questions, or to exercise any of your data protection rights, you may contact the appropriate data protection point of contact:

Data Protection Office
Boston Consulting Group Inc.
200 Pier Four Boulevard
Boston, MA 02210
Contact Us

Germany
Data Protection Officer (Der Datenschutzbeauftragte)
Boston Consulting Group GmbH
Ludwigstrasse 21
80539 Munich Germany
Contact Us

U.S ADDENDUM

This U.S. Addendum applies to U.S. residents and supplements the information provided above in the Privacy Statement. This U.S. Addendum provides U.S. residents with certain information under U.S. state data privacy laws, including, but not limited to, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CPRA”).

Collection, Disclosure, Selling, and Sharing of Personal Information

The following list details which categories of personal information we collect and process both online and offline, as well as which categories of personal information we disclose to third parties for our operational business purposes, including within the 12 months preceding the date this Privacy Statement was last updated. The list also details the categories of personal information that we “sell” and “share”, including within the preceding 12 months. BCG does not “sell” or “share” your personal information in exchange for monetary consideration. However, we may allow the third parties listed in our cookie consent managers to use cookies and related tracking technologies, such as pixels, to collect information about your visits to our Sites and use that information to deliver advertisements relevant to your interests. Information collected about you on our Sites by third parties could be combined with other information that you have provided to such third parties or that they have collected from your use of their services. Under U.S. state data privacy laws, these disclosures may constitute a “sale” when the personal information is exchanged for non-monetary consideration (anything of value) or “sharing” when the personal information is disclosed for cross-context behavioral advertising purposes. Under U.S. state data privacy laws, such activities may also constitute “targeted advertising”.

  • We may “sell” and “share” the following categories of personal information with the third parties listed in our cookie policies for advertising, internal research, analytics, and development purposes:
    • Identifiers, such as name, IP address, and online identifiers
    • Geolocation data, such as approximate location derived from IP address
    • Internet or network activity information, such as browsing history of Sites, assets or prior visits, search history and interactions with our online properties
    • Inferences drawn from any of the personal information listed above to create a profile about, for example, an individual’s preferences or characteristics
  • We may disclose the following information with our affiliates and subsidiaries; third-party service providers; external legal, financial, and other professional advisors; legal authorities for operational business purposes:
    • Identifiers, such as name, IP address, online identifiers, address, email address, account name, telephone number, and other unique personal identifiers
    • Characteristics of protected classifications under law, such as gender, age, and racial or ethnic origin
    • Internet or network activity information, such as browsing history of BCG sites, assets or prior visits, search history and interactions with our online properties
    • Geolocation data, such as approximate location derived from IP address
    • Inferences drawn from any of the personal information listed above to create a profile about, for example, an individual’s preferences or characteristics or for statistics and visitor tracking
    • Audio, electronic, visual, and similar information
    • Professional or employment-related information
    • Sensitive personal information, such as racial or ethnic origin and personal information collected and analyzed concerning your health
  • We may disclose your following information with our joint business partners for publications and co-organized events:
    • Identifiers, such as name and contact information

We may also disclose any of the categories of your personal information listed above to a third party in the event of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

Without limiting the foregoing, we do not knowingly “sell” or “share” the personal information, including the sensitive personal information, of minors under 16 years of age.

Categories of Sources of Personal Information

We collect this personal information directly from you, from your devices, and from third-party sources, such as public databases, joint marketing partners, and social media platforms, where permitted under applicable local laws.

Purposes for the Collection of Personal Information

We collect personal information to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including to:

  • Develop, improve, operate repair, and maintain our products and services
  • Provide support and respond to requests for information
  • Maintaining or servicing accounts or registrations
  • Advertise and market our products and services, and personalize user experiences
  • Conduct research, analytics, and data analysis
  • Operate and maintain our facilities and infrastructure
  • Undertake quality and safety assurance measures, and conduct security control and monitoring
  • Detect and prevent fraud and perform identity verification
  • Facilitate and implement any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings)
  • Maintain records, comply with law, legal process, and internal policies, and exercise and defend legal claims.

Personal Information Retention

The criteria used to determine how long we retain your personal information is set forth in the “Retention of Your Personal Information” section of our Privacy Statement.

Use or Disclosure of Sensitive Personal Information

We do not use or disclose your sensitive personal information outside of the following purposes: (1) performing our services, (2) detecting security incidents, (3) resisting malicious, deceptive, fraudulent, or illegal actions, (4) ensuring physical safety, (5) for short-term transient use, including certain non-personalized advertising, (6) maintaining or servicing accounts, providing customer service, or providing similar services, and (7) verifying and maintaining the quality or safety of a service or product or improving, upgrading, or enhancing a service or product. Accordingly, we do not provide the right to limit the use or disclosure of your sensitive personal information under the CPRA.

CPRA Rights

If you are a U.S. resident, you, subject to applicable law of the state in which you reside, have the following rights regarding your personal information:

  • The right to know:
    • Whether we are processing your personal information
    • The categories of personal information we collected about you
    • The categories of sources from which we collected such personal information
    • The business or commercial purpose for collecting, selling, or sharing personal information about you
    • The categories of third parties to whom we disclosed your personal information
    • The specific pieces of personal information we have collected about you
  • The right to correct inaccuracies in your personal information
  • The right to have your personal information deleted, subject to certain exemptions
  • The right to obtain a copy of your personal information
  • The right to opt-out of: (1) the “sale” or “sharing” of your personal information; (2) targeted advertising; or (3) profiling in furtherance of decisions that produce legal or similarly significant effects; although please note BCG does not engage in such profiling
  • The right not to receive discriminatory treatment for exercising your privacy rights

If you are a U.S. resident, to exercise your rights regarding your personal information, contact us via datasubjectrights@bcg.com or, if you are a California resident, you may also call 1-866-I-OPT-OUT (1-866-467-8688) and enter service code 837# to leave us a message. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information subject to the request. We may need to request additional personal information from you in order to verify your identity and protect against fraudulent requests. If you make a request to delete, we may ask you to confirm your request before we delete your personal information.

In connection with certain Sites, you may opt-out of the “sale” or “sharing” of your personal information or “targeted advertising” described above by sending certain browser enabled opt-out signals, such as the Global Privacy Control. You may learn more about how to set the Global Privacy Control here. In addition, in connection with certain Sites, you may opt-out of the “sale” or “sharing” of your personal information or “targeted advertising” described above by visiting the cookie consent manager and changing settings to only utilize essential cookies.

Authorized Agents

If an agent would like to make a request on your behalf as permitted under applicable law, the agent may use the submission methods noted in the section entitled “Privacy Rights”. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “Privacy Rights” or confirm that you provided the agent permission to submit the request.

Appeal Process

If you have made a privacy rights request to BCG and believe your request was denied by BCG, you can exercise your right to appeal the results of your request by using the submission methods noted in the section entitled “Privacy Rights”. Please use the same email address that you used to submit the initial privacy rights request when you submit your request to appeal, and please add “Request to Appeal” in the subject line of the email. If you do not use the same email address, we cannot link your request to appeal to your initial privacy rights request. If your appeal is unsuccessful, depending upon the state in which you reside, you may have the right to raise a concern or lodge a complaint with your state attorney general or other applicable authority.