BCG Privacy Statement and Policy

Privacy policy in German

Introduction

This is the Privacy Statement (“Privacy Statement”) for The Boston Consulting Group, Inc. and its subsidiaries and affiliates ("BCG", “we”, “us”, or “our”). This Privacy Statement was last updated in July 2024. For more detail on BCG's international operations please see https://www.bcg.com/offices/default.

BCG understands that your privacy is important. BCG is committed to protecting your privacy and personal information you provide or as you access and use materials on bcg.com or other BCG websites, including BCG subscription pages or other BCG websites or apps that post a link to this Privacy Statement (collectively, the “Site”). In addition, information that you submit to BCG in response to an email request for information or other outreach from BCG, will be treated in accordance with this Privacy Statement. If you are a California resident, please see the California Addendum at the end of this Privacy Statement for further details on how we handle your information and how to exercise your rights.

This Privacy Statement does not apply to the personal information of job applicants, potential candidates for employment, and participants of our optional recruiting programs and events or personal information collected via our recruiting websites. For our privacy practices in connection with such activities, please see our Recruitment Privacy Policy.

BCG may, in its discretion, amend this Privacy Statement from time to time. To ensure you are able to remain informed about the information we collect and how we use it, material changes to our statement will be reflected here.

PERSONAL INFORMATION THAT WE COLLECT, AND HOW WE USE IT

What information do we collect?

Account, registration, subscription, and marketing

BCG collects information from you when you create your account or register for certain pages for the Site, request copies of publications, subscribe for email newsletters and press releases, seek additional information regarding our services, and for marketing communications (via emails, social media platforms) from BCG based on your consent where required.

Personal information that we collect includes names, addresses, email addresses, phone numbers, employment information that may identify you (such as company, job title, or position), IP address, geo location, subject areas of interest and/or demographic information.

If you do not provide such information, you may not be able to create an account or register for certain pages for the Site, request copies of publications, subscribe for email newsletters and press releases, or seek additional information regarding our services or employment opportunities.

Surveys and events

BCG collects information if you register for conferences and other BCG-sponsored events, and/or take part in surveys run by BCG.

Personal information that we collect includes names, addresses, IP address, unique personal identifiers, subject areas of interest and/or demographic information.

In addition, we sometimes aggregate demographic information, and the types of systems and browsers of users BCG also may conduct user surveys on the web or use technologies to provide BCG with information on a number of areas, such as user identity, user viewing habits, whether or not users found what they were searching for, whether the Site content is relevant to user needs, and the like.

How do we use personal information?

The purposes and uses of your personal information will depend on the use of the Site and the personal information provided. We process your personal information:

  • For the purposes of safeguarding the legitimate business interests pursued by BCG. This includes:

    • Communicate with you and manage your requests in relation to your account, registration, subscriptions to BCG newsletters, publications, events and survey participations
    • Tailoring your experience at the Site with relevant BCG materials
    • Understanding the Site’s user population, identifying subject areas of interest, and determining whether the Site is designed to work with the computer settings of a majority of our visitors
    • Measuring and improving the effectiveness of BCG marketing programs across different channels
    • Improving our web content and navigation
    • Informing you about updates to the service and notifying you about other products and services offered by BCG that may be of interest to you, including information regarding publications and events and track email engagement activity for internal use only.1
  • On the basis of your consent where required. Insofar as you have granted us consent to the processing of personal information for specific purposes, the lawfulness of such processing is based on your consent. You may withdraw your consent at any time.
  • For compliance with a legal obligation. This includes anti-fraud and anti-money laundering measures as well as tax and social security requirements.

AUTHENTICATION THROUGH OKTA

In order to use the Site, where applicable, you may need to authenticate with the third-party provider Okta, Inc. (301 Brannan St Ste 300, San Francisco, CA 94107) with your personal username and a personal password. To do this, you will need to download the Okta Verify app and perform the authentication process. The regulations and data protection declaration of Okta, Inc. apply. We have no influence on and are not responsible for the data collection by Okta, Inc. Your data will be processed exclusively for the purpose of authentication. After successful authentication you will receive personal access to our app.

HOW WE MIGHT DISCLOSE YOUR PERSONAL INFORMATION

The third parties with whom we may need to disclose personal information to help us provide services and products to you and to run our Site include:

  • Our subsidiaries or affiliates
  • Our advisors
  • Our third-party service providers who process information on our behalf to help run some of our internal business operations including email distribution, IT services, the Site security and marketing and events services
  • To the third parties listed in our cookie policies. To view a detailed list of such third parties and cookies used on BCG.com, click here and for connect.bcg.com click here.
  • Our business partners for publications and events co-organized by BCG and them
  • Law enforcement bodies in order to comply with any legal obligation or court order
  • BCG may disclose your contact information in response to inquiries by bona-fide rights owners in connection with allegations of infringement of copyright or other proprietary rights arising from information that you have posted on the Site or otherwise provided to BCG

We may also disclose your personal information to a third party in the event of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

Because BCG is a global organization, we may need to transfer personal information which is collected on the Site or through other means as described under this Privacy Statement across the BCG group of companies (http://www.bcg.com/about/offices/default) or to third parties listed above to help operate our business efficiently. This also includes third parties located in different countries around the world, including outside of the EEA, Switzerland, and the UK. These arrangements may involve your personal information located in various countries around the world where BCG maintains and stores personal information in systems and applications where privacy laws differ. The personal information is only accessible by authorized persons or vendors who are bound by privacy requirements, and we only make these arrangements or transfers where we are satisfied that adequate levels of protection are in place to protect personal information held in that country. In addition, the Site may be viewed and accessed anywhere in the world including countries that may not have laws regulating the use and transfer of personal information.

RETENTION OF YOUR PERSONAL INFORMATION

BCG retains your personal information for so long as is necessary to fulfil the purpose for which it was collected. The criteria used to determine our retention periods include:

  • The length of time we have an ongoing relationship with you and provide services to you (for example, for as long as you have an account with us or keep using our services) and the length of time thereafter during which we may have a legitimate need to reference your personal information to address issues that may arise
  • Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
  • Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations)

MARKETING

If, at any time, you prefer not to receive further marketing communications from us in any or all forms you will have the ability to unsubscribe from such communications by means of a link provided in every email that is sent to you by us. When subscribing to BCG email newsletters, you are given the opportunity to select which promotions, news, and information you would like to receive at the time of sign up, and you will have the opportunity to unsubscribe from such communications.

COOKIES AND OTHER TRACKING TECHNOLOGIES

BCG may use cookies on this Site and in our communications with you to keep track of your visit to our Site and our communications with you. A “cookie” is a small amount of data sent from a web server to your browser and stored on your computer’s hard drive. Other tracking technologies work similarly to cookies and place a small amount of data on your devices to monitor your website activity to allow us to collect information about how you use our Site and our services. With most internet browsers, you can erase cookies from your computer hard drive, block all cookies, or receive a warning before a cookie is stored on your computer. Please refer to your browser instructions or you can visit https://www.aboutcookies.org/ which will give you more information. Once you have given your consent to use cookies, we shall store a cookie on your computer or device to remember this for next time. If you wish to withdraw consent at any time you will need to delete our cookies using your web browsers settings. Please be advised that certain sections or functionalities of the Site may be inaccessible to you if your browser does not accept cookies. We do not currently respond to browser do-not-track signals.

To view a detailed list of cookies used on BCG.com, click here and for connect.bcg.com click here.

SECURITY PROCESSES

BCG has in place appropriate technological and operational security processes designed to protect personal information. Only authorized employees and contractors will have access to any personal information provided by you, and that access is limited by need. Each employee or contractor having access to any personal information is obligated to maintain its confidentiality. Although we take steps that are generally accepted as industry standard to protect your personal information, BCG cannot guarantee that your personal information will not become accessible to unauthorized persons and BCG cannot be responsible for any actions resulting from a breach of security when personal information is supplied over the internet or any public computer network.

LINKS TO OTHER WEBSITES

This Site contains links to other websites not operated by BCG.

BCG is not responsible for the privacy practices or the content of any non-BCG websites to which we link from the Site. We are not responsible for the protection and privacy of any information you provide whilst visiting other websites and sites not governed by our Privacy Statement. We cannot control the content or security of such websites. We cannot be held responsible for any loss or damage incurred by a user as a result of visiting such websites. No links are intended to be, nor should be construed as, an endorsement of any kind by us of that other website.

COMPLIANCE WITH LAW

BCG may be compelled to surrender personal information to legal authorities if presented with a court subpoena or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state, or other applicable jurisdiction. Also, in the event of a violation of the terms and conditions of use of the Site or a violation of any restrictions on use of materials provided in or through the Site, we may disclose personal information to our affected business partners or legal authorities.

YOUR RIGHTS

Depending on where you reside, you may have the following rights in accordance with applicable data privacy laws. You have a right to request a copy of the personal information we hold about you and details of how we use that information. If any of the personal information held about you is incorrect or out of date, you have the right to amend or rectify such personal information. You also have the right to request that we erase your personal information, stop processing your personal information, restrict the processing of your personal information, and provide your personal information in a portable format. Where processing of personal information is based on your consent, you may withdraw your consent to such processing. This may not apply if there are other legal justifications to continue processing. You also may have a right to lodge a complaint with a relevant supervisory authority.

If you would like to exercise any of your data protection rights, please contact the appropriate data protection point of contact in the "Contact Us" section of this Privacy Statement. Please note that we may need you to prove who you are (including providing additional information from you) before we can act on your request.

CHILDREN

BCG understands the importance of protecting children's privacy, particularly in their online interactions. This Site is not designed for and does not intentionally target or solicit to children 18 years of age and younger.

CONTACT US

For further questions, or to exercise any of your data protection rights, you may contact the appropriate data protection point of contact:

Data Protection Office
Boston Consulting Group Inc.
200 Pier Four Boulevard
Boston, MA 02210
Contact Us

Germany
Data Protection Officer (Der Datenschutzbeauftragte)
Boston Consulting Group GmbH
Ludwigstrasse 21
80539 Munich Germany
Contact Us

CALIFORNIA ADDENDUM

This California Addendum applies to California residents and supplements the information provided above in the Privacy Statement. This California Addendum provides California residents with certain information under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CPRA”).

Collection, Disclosure, Selling, and Sharing of Personal Information

The following list details which categories of personal information we collect and process both online and offline, as well as which categories of personal information we disclose to third parties for our operational business purposes, including within the 12 months preceding the date this Privacy Statement was last updated. The list also details the categories of personal information that we “sell” and “share”, including within the preceding 12 months. BCG does not “sell” or “share” your personal information in exchange for monetary consideration. However, we may allow the third parties listed in our cookie policies to use cookies and related tracking technologies, such as pixels, to collect information about your visits to our Sites and use that information to deliver advertisements relevant to your interests. Information collected about you on our Sites by third parties could be combined with other information that you have provided to such third parties or that they have collected from your use of their services. Under the CPRA, these disclosures may constitute a “sale” when the personal information is exchanged for non-monetary consideration (anything of value) or “sharing” when the personal information is disclosed for cross-context behavioral advertising purposes.

  • We may “sell” and “share” the following categories of personal information with the third parties listed in our cookie policies for advertising, internal research, analytics, and development purposes:
    • Identifiers, such as name, IP address, and online identifiers
    • Geolocation data, such as approximate location derived from IP address
    • Internet or network activity information, such as browsing history of Sites, assets or prior visits, search history and interactions with our online properties
    • Inferences drawn from any of the personal information listed above to create a profile about, for example, an individual’s preferences or characteristics
  • We may disclose the following information with our affiliates and subsidiaries; third-party service providers; the third parties listed in our cookie policies; external legal, financial, and other professional advisors; legal authorities for operational business purposes:
    • Identifiers, such as name, IP address, online identifiers, address, email address, account name, telephone number, and other unique personal identifiers
    • Internet or network activity information, such as browsing history of BCG sites, assets or prior visits, search history and interactions with our online properties
    • Geolocation data, such as approximate location derived from IP address
    • Inferences drawn from any of the personal information listed above to create a profile about, for example, an individual’s preferences or characteristics or for statistics and visitor tracking
    • Audio, electronic, visual, and similar information
    • Professional or employment-related information
  • We may disclose your following information with our joint business partners for publications and co-organized events:
    • Identifiers, such as name and contact information

We may also disclose any of the categories of your personal information listed above to a third party in the event of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).

Without limiting the foregoing, we do not knowingly “sell” or “share” the personal information, including the sensitive personal information, of minors under 16 years of age.

Categories of Sources of Personal Information

We collect this personal information directly from you, from your devices, and from third-party sources, such as public databases, joint marketing partners, and social media platforms, where permitted under applicable local laws.

Purposes for the Collection of Personal Information

We collect personal information to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including to:

  • Develop, improve, operate repair, and maintain our products and services
  • Provide support and respond to requests for information
  • Maintaining or servicing accounts or registrations
  • Advertise and market our products and services, and personalize user experiences
  • Conduct research, analytics, and data analysis
  • Operate and maintain our facilities and infrastructure
  • Undertake quality and safety assurance measures, and conduct security control and monitoring
  • Detect and prevent fraud and perform identity verification
  • Facilitate and implement any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings)
  • Maintain records, comply with law, legal process, and internal policies, and exercise and defend legal claims.

Personal Information Retention

The criteria used to determine how long we retain your personal information is set forth in the “Retention of Your Personal Information” section of our Privacy Statement.

Use or Disclosure of Sensitive Personal Information

We do not use or disclose your sensitive personal information outside of the following purposes: (1) performing our services, (2) detecting security incidents, (3) resisting malicious, deceptive, fraudulent, or illegal actions, (4) ensuring physical safety, (5) for short-term transient use, including certain non-personalized advertising, (6) maintaining or servicing accounts, providing customer service, or providing similar services, and (7) verifying and maintaining the quality or safety of a service or product or improving, upgrading, or enhancing a service or product. Accordingly, we do not provide the right to limit the use or disclosure of your sensitive personal information under the CPRA.

CPRA Rights

If you are a California resident, you, subject to applicable law, have the following rights regarding your personal information:

  • You have the right to know:
    • The categories of personal information we collected about you
    • The categories of sources from which we collected such personal information
    • The business or commercial purpose for collecting, selling, or sharing personal information about you
    • The categories of third parties to whom we disclosed your personal information
    • The specific pieces of personal information we have collected about you
  • You have the right to correct inaccuracies in your personal information
  • You have the right to have your personal information deleted, subject to certain exemptions
  • You may request to opt out of the “sale” or “sharing” of your personal information

You also have the right to not receive discriminatory treatment for exercising your rights under the CPRA. If you are a California resident, to exercise your rights regarding your personal information, contact us via datasubjectrights@bcg.com or call 1-866-I-OPT-OUT (1-866-467-8688) and enter service code 837# to leave us a message. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information subject to the request. We may need to request additional personal information from you in order to verify your identity and protect against fraudulent requests. If you make a request to delete, we may ask you to confirm your request before we delete your personal information.

In connection with certain Sites, you may opt-out of the “sale” or “sharing” of your personal information described above by sending certain browser enabled opt-out signals, such as the Global Privacy Control. You may learn more about how to set the Global Privacy Control here. In addition, in connection with certain Sites, you may opt-out of the “sale” or “sharing” of your personal information described above by visiting our “Do Not Sell or Share My Data” link located on the Site.

Authorized Agents

If an agent would like to make a request on your behalf as permitted under applicable law, the agent may use the submission methods noted in the section entitled “CPRA Rights”. As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “CPRA Rights” or confirm that you provided the agent permission to submit the request.