This is the Privacy Statement (“Privacy Statement”) for The Boston Consulting Group, Inc. and its subsidiaries and affiliates ("BCG", “we”, “us”, or “our”). This Privacy Statement was last updated in November 2024. For more detail on BCG's international operations, please see https://www.bcg.com/offices/default.
BCG understands that your privacy is important. BCG is committed to protecting your privacy and personal information.
This Privacy Statement only applies to the personal information you provide or as you access and use materials on bcg.com or other BCG websites, including BCG subscription pages or other BCG websites or apps that post a link to this Privacy Statement (collectively, the “Site”) as well as personal information that you submit to BCG in response to a request for information or other outreach from BCG.
Depending on your relationship with BCG, additional or different privacy statements may apply to you. For our privacy practices in connection with the personal information of job applicants, potential candidates for employment, and participants of our optional recruiting programs and events, or personal information collected via our recruiting websites, please see our Recruitment Privacy Policy. For our privacy practices in connection with the personal information we obtain from your access to and use of our tools and solutions and the research and development thereof, please see our Solutions Privacy Statement.
If you are a U.S. resident, please see the U.S. Addendum at the end of this Privacy Statement for further details on how we handle your personal information and how to exercise your rights.
BCG may, in its discretion, amend this Privacy Statement from time to time. To ensure you are able to remain informed, , changes to our Privacy Statement will be reflected here.
What information do we collect?
Account, registration, subscription, and marketing
BCG collects information from you when you create your account or register for certain pages for the Site, request copies of publications, subscribe for email newsletters and press releases, seek additional information regarding our services, and for marketing communications (via emails, social media platforms) from BCG based on your consent where required.
Personal information that we collect includes names, addresses, email addresses, phone numbers, employment information that may identify you (such as company, job title, or position), IP address, geo location, subject areas of interest and/or demographic information.
If you do not provide such information, you may not be able to create an account or register for certain pages for the Site, request copies of publications, subscribe for email newsletters and press releases, or seek additional information regarding our services or employment opportunities.
Surveys and events
BCG collects information if you register for conferences and other BCG-sponsored events, and/or take part in surveys run by BCG.
Personal information that we collect includes names, email addresses, IP address, unique personal identifiers, subject areas of interest and/or demographic information.
In addition, we sometimes aggregate demographic information, and the types of systems and browsers of users BCG also may conduct user surveys on the web or use technologies to provide BCG with information on a number of areas, such as user identity, user viewing habits, whether or not users found what they were searching for, whether the Site content is relevant to user needs, and the like.
How do we use personal information?
The purposes and uses of your personal information will depend on the use of the Site and the personal information provided. We process your personal information:
For the purposes of safeguarding the legitimate business interests pursued by BCG. This includes:
In order to use the Site, where applicable, you may need to authenticate with the third-party provider Okta, Inc. (301 Brannan St Ste 300, San Francisco, CA 94107) with your personal username and a personal password. To do this, you will need to download the Okta Verify app and perform the authentication process. The regulations and data protection declaration of Okta, Inc. apply. We have no influence on and are not responsible for the data collection by Okta, Inc. Your data will be processed exclusively for the purpose of authentication. After successful authentication you will receive personal access to our app.
The third parties with whom we may need to disclose personal information to help us provide services and products to you and to run our Site include:
We may also disclose your personal information to a third party in the event of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
Because BCG is a global organization, we may need to transfer personal information which is collected on the Site or through other means as described under this Privacy Statement across the BCG group of companies (http://www.bcg.com/about/offices/default) or to third parties listed above to help operate our business efficiently. These arrangements may involve your personal information located in various countries around the world where BCG and such third parties maintain and store personal information in systems and applications where privacy laws differ. The personal information is only accessible by authorized persons or vendors who are bound by privacy requirements, and we only make these arrangements or transfers where we are satisfied that adequate levels of protection are in place to protect personal information held in that country. In addition, the Site may be viewed and accessed anywhere in the world including countries that may not have laws regulating the use and transfer of personal information.
BCG retains your personal information for so long as is necessary to fulfil the purpose for which it was collected. The criteria used to determine our retention periods include:
If, at any time, you prefer not to receive further marketing communications from us in any or all forms you will have the ability to unsubscribe from such communications by means of a link provided in every email that is sent to you by us. When subscribing to BCG email newsletters, you are given the opportunity to select which promotions, news, and information you would like to receive at the time of sign up, and you will have the opportunity to unsubscribe from such communications.
BCG may use cookies on this Site and in our communications with you to keep track of your visit to our Site and our communications with you. A “cookie” is a small amount of data sent from a web server to your browser and stored on your computer’s hard drive. Other tracking technologies work similarly to cookies and place a small amount of data on your devices to monitor your website activity to allow us to collect information about how you use our Site and our services. With most internet browsers, you can erase cookies from your computer hard drive, block all cookies, or receive a warning before a cookie is stored on your computer. Please refer to your browser instructions or you can visit https://www.aboutcookies.org/ which will give you more information. Please be advised that certain sections or functionalities of the Site may be inaccessible to you if your browser does not accept cookies. We do not currently respond to browser do-not-track signals.
A detailed list of cookies used on BCG.com and connect.bcg.com are available on our cookie consent managers.
On bcg.com, BCG utilizes a third-party provider, Contentsquare, to record user sessions, including clicks, hovers, swipes, and what you may be viewing on the website, and create insights based on such information. Before deploying Contentsquare’s session replay technology, BCG obtains your consent via our cookie consent manager on bcg.com. If you have previously provided your consent, but now wish for BCG to stop utilizing Contentsquare’s session replay technology, please adjust your cookie settings on the cookie consent manager on bcg.com to only utilize essential cookies. For more information on Contentsquare’s privacy practices, please visit Contentsquare’s services privacy policy.
BCG has in place appropriate technological and operational security processes designed to protect personal information. Only authorized employees and contractors will have access to any personal information provided by you, and that access is limited by need. Each employee or contractor having access to any personal information is obligated to maintain its confidentiality. Although we take steps that are generally accepted as industry standard to protect your personal information, BCG cannot guarantee that your personal information will not become accessible to unauthorized persons and BCG cannot be responsible for any actions resulting from a breach of security when personal information is supplied over the internet or any public computer network.
This Site contains links to other websites not operated by BCG.
BCG is not responsible for the privacy practices or the content of any non-BCG websites to which we link from the Site. We are not responsible for the protection and privacy of any information you provide whilst visiting other websites and sites not governed by our Privacy Statement. We cannot control the content or security of such websites. We cannot be held responsible for any loss or damage incurred by a user as a result of visiting such websites. No links are intended to be, nor should be construed as, an endorsement of any kind by us of that other website.
BCG may be compelled to surrender personal information to legal authorities if presented with a court subpoena or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state, or other applicable jurisdiction. Also, in the event of a violation of the terms and conditions of use of the Site or a violation of any restrictions on use of materials provided in or through the Site, we may disclose personal information to our affected business partners or legal authorities.
Depending on where you reside, you may have the following rights in accordance with applicable data privacy laws. You have a right to request a copy of the personal information we hold about you and details of how we use that information. If any of the personal information held about you is incorrect or out of date, you have the right to amend or rectify such personal information. You also have the right to request that we erase your personal information, stop processing your personal information, restrict the processing of your personal information, and provide your personal information in a portable format. Where processing of personal information is based on your consent, you may withdraw your consent to such processing. This may not apply if there are other legal justifications to continue processing. You also may have a right to lodge a complaint with a relevant supervisory authority.
If you would like to exercise any of your data protection rights, please contact the appropriate data protection point of contact in the “Contact Us” section of this Privacy Statement. Please note that we may need you to prove who you are (including providing additional information from you) before we can act on your request.
BCG understands the importance of protecting children's privacy, particularly in their online interactions. This Site is not designed for and does not intentionally target or solicit to children 18 years of age and younger.
For further questions, or to exercise any of your data protection rights, you may contact the appropriate data protection point of contact:
Data Protection Office
Boston Consulting Group Inc.
200 Pier Four Boulevard
Boston, MA 02210
Contact Us
Germany
Data Protection Officer (Der Datenschutzbeauftragte)
Boston Consulting Group GmbH
Ludwigstrasse 21
80539 Munich Germany
Contact Us
This U.S. Addendum applies to U.S. residents and supplements the information provided above in the Privacy Statement. This U.S. Addendum provides U.S. residents with certain information under U.S. state data privacy laws, including, but not limited to, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CPRA”).
Collection, Disclosure, Selling, and Sharing of Personal Information
The following list details which categories of personal information we collect and process both online and offline, as well as which categories of personal information we disclose to third parties for our operational business purposes, including within the 12 months preceding the date this Privacy Statement was last updated. The list also details the categories of personal information that we “sell” and “share”, including within the preceding 12 months. BCG does not “sell” or “share” your personal information in exchange for monetary consideration. However, we may allow the third parties listed in our cookie consent managers to use cookies and related tracking technologies, such as pixels, to collect information about your visits to our Sites and use that information to deliver advertisements relevant to your interests. Information collected about you on our Sites by third parties could be combined with other information that you have provided to such third parties or that they have collected from your use of their services. Under U.S. state data privacy laws, these disclosures may constitute a “sale” when the personal information is exchanged for non-monetary consideration (anything of value) or “sharing” when the personal information is disclosed for cross-context behavioral advertising purposes. Under U.S. state data privacy laws, such activities may also constitute “targeted advertising”.
We may also disclose any of the categories of your personal information listed above to a third party in the event of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
Without limiting the foregoing, we do not knowingly “sell” or “share” the personal information, including the sensitive personal information, of minors under 16 years of age.
We collect this personal information directly from you, from your devices, and from third-party sources, such as public databases, joint marketing partners, and social media platforms, where permitted under applicable local laws.
We collect personal information to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including to:
Personal Information Retention
The criteria used to determine how long we retain your personal information is set forth in the “Retention of Your Personal Information” section of our Privacy Statement.
Use or Disclosure of Sensitive Personal Information
We do not use or disclose your sensitive personal information outside of the following purposes: (1) performing our services, (2) detecting security incidents, (3) resisting malicious, deceptive, fraudulent, or illegal actions, (4) ensuring physical safety, (5) for short-term transient use, including certain non-personalized advertising, (6) maintaining or servicing accounts, providing customer service, or providing similar services, and (7) verifying and maintaining the quality or safety of a service or product or improving, upgrading, or enhancing a service or product. Accordingly, we do not provide the right to limit the use or disclosure of your sensitive personal information under the CPRA.
CPRA Rights
If you are a U.S. resident, you, subject to applicable law of the state in which you reside, have the following rights regarding your personal information:
If you are a U.S. resident, to exercise your rights regarding your personal information, contact us via datasubjectrights@bcg.com or, if you are a California resident, you may also call 1-866-I-OPT-OUT (1-866-467-8688) and enter service code 837# to leave us a message. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information subject to the request. We may need to request additional personal information from you in order to verify your identity and protect against fraudulent requests. If you make a request to delete, we may ask you to confirm your request before we delete your personal information.
In connection with certain Sites, you may opt-out of the “sale” or “sharing” of your personal information or “targeted advertising” described above by sending certain browser enabled opt-out signals, such as the Global Privacy Control. You may learn more about how to set the Global Privacy Control here. In addition, in connection with certain Sites, you may opt-out of the “sale” or “sharing” of your personal information or “targeted advertising” described above by visiting the cookie consent manager and changing settings to only utilize essential cookies.
Authorized Agents
If an agent would like to make a request on your behalf as permitted under applicable law, the agent may use the submission methods noted in the section entitled “Privacy Rights”. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “Privacy Rights” or confirm that you provided the agent permission to submit the request.
Appeal Process
If you have made a privacy rights request to BCG and believe your request was denied by BCG, you can exercise your right to appeal the results of your request by using the submission methods noted in the section entitled “Privacy Rights”. Please use the same email address that you used to submit the initial privacy rights request when you submit your request to appeal, and please add “Request to Appeal” in the subject line of the email. If you do not use the same email address, we cannot link your request to appeal to your initial privacy rights request. If your appeal is unsuccessful, depending upon the state in which you reside, you may have the right to raise a concern or lodge a complaint with your state attorney general or other applicable authority.