This is the Privacy Statement and Policy (“Privacy Statement”) for Boston Consulting Group, Inc. and its affiliates ("BCG"). This Privacy Statement was last updated in December 2022. For more detail on BCG's international operations please see https://www.bcg.com/offices/default.
BCG understands that your privacy is important. BCG is committed to protecting your privacy and personal information you provide or as you access and use materials on BCG.com or other BCG websites (the "Site"), including the Site subscription pages or other websites or apps that post a link to this Privacy Statement. In addition, information that you submit to BCG in response to an email request for information or other outreach from BCG, will be treated in accordance with this Privacy Statement. If you are a California resident, please see the California Addendum at the end of this Privacy Statement for further details on how we handle your information and how to exercise your rights.
BCG may, in its discretion, amend this Privacy Statement from time to time. To ensure you are able to remain informed about the information we collect and how we use it, material changes to our statement will be reflected here. This Site may contain links to external sites which are not governed by this Privacy Statement. BCG does not take responsibility for the privacy practices of any third-party sites to which we link. We encourage you to review the privacy policies of any such sites before you submit information there.
Please read this Privacy Statement carefully. By browsing the Site or expressly consenting, where required under applicable privacy laws, you agree to be bound by this Privacy Statement.
What information do we collect?
Account and Subscription
BCG collects information from you when you create your account for the Site, request copies of publications, subscribe for email newsletters and press releases, seek additional information regarding our services, and for marketing communications (via emails, social media platforms) from BCG based on your consent, where required under applicable privacy laws.
Personal information that we collect includes names, addresses, e-mail addresses, phone numbers, IP, geo location, subject areas of interest and/or demographic information.
If you do not provide such information, you may not be able to create an account for the Site, request copies of publications, subscribe for email newsletters and press releases, seek additional information regarding our services or employment opportunities.
Surveys and events
BCG collects information if you register for conferences and other BCG-sponsored events, and/or take part in surveys run by BCG.
Personal information that we collect includes names, e-mail addresses, IP, unique personal identifiers, subject areas of interest and/or demographic information.
In addition, we sometimes aggregate demographic information, and the types of systems and browsers of users BCG also may conduct user surveys on the Web or use technologies to provide BCG with information on a number of areas, such as user identity, user viewing habits, whether or not users found what they were searching for, whether the Site content is relevant to user needs, and the like.
How do we use personal information?
The purposes and uses of your personal information will depend on the use of the Site and the personal information provided. We process your personal information:
In order to use the Site, where applicable, you may need to authenticate with the third-party provider Okta Inc. (301 Brannan St Ste 300, San Francisco, CA 94107) with your personal username and a personal password. To do this, you will need to download the Okta Verify app and perform the authentication process. The regulations and data protection declaration of Okta, Inc. apply. We have no influence on and are not responsible for the data collection by Okta Inc. Your data will be processed exclusively for the purpose of authentication. After successful authentication you will receive personal access to our app.
The third parties with whom we may need to share personal information to help us provide services and products to you and to run our Site include:
Because BCG is a global organization, we may need to transfer personal information which is collected on the Site or through other means as described under this Privacy Statement across the BCG group of companies (http://www.bcg.com/about/offices/default) to help operate our business efficiently. This also includes third parties located in different countries around the world, including outside of the EEA, Switzerland, and the UK. These arrangements may involve your personal information located in various countries around the world BCG maintains and stores personal information in systems and applications located in Europe as well as USA where privacy laws differ. The personal information is only accessible by authorized persons or vendors who are bound by privacy requirements, and we only make these arrangements or transfers where we are satisfied that adequate levels of protection are in place to protect information held in that country. In addition, the Site may be viewed and accessed anywhere in the world including countries that may not have laws regulating the use and transfer of personally identifiable information.
BCG retains your personal information for so long as is necessary to fulfil the purpose for which it was collected. The criteria used to determine our retention periods include:
In our marketing communications with you we monitor and comply with applicable data privacy laws and if, at any time, you prefer not to receive further communications from us in any or all forms you will have the ability to unsubscribe from such communications by means of a link provided in every e-mail that is sent to you by us. When subscribing to BCG e-mail newsletters, you are given the opportunity to select which promotions, news, and information you would like to receive at the time of sign up, and you will have the opportunity to unsubscribe from such communications.
BCG has in place appropriate technological and operational security processes designed to protect personally identifiable information from loss, misuse, alteration, or destruction. Only authorized employees and contractors will have access to any data provided by you, and that access is limited by need. Each employee or contractor having access to any personally identifiable information is obligated to maintain its confidentiality. Although we take steps that are generally accepted as industry standard to protect your personally identifiable information, BCG cannot guarantee that your personally identifiable information will not become accessible to unauthorized persons and BCG cannot be responsible for any actions resulting from a breach of security when information is supplied over the internet or any public computer network. To view security commitments specific to BCG GAMMA products, click here.
This Site contains links to other Web sites that are not operated by BCG.
BCG is not responsible for the privacy practices or the content of any non-BCG web sites to which we link from the Site. We are not responsible for the protection and privacy of any information you provide whilst visiting other websites and sites not governed by our Privacy Statement. We cannot control the content or security of such websites. We cannot be held responsible for any loss or damage incurred by a user as a result of visiting such websites. No links are intended to be, nor should be construed as, an endorsement of any kind by us of that other website.
BCG complies with all applicable data privacy laws. BCG may be compelled to surrender personal user or customer information to legal authorities if presented with a court subpoena or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state or other applicable jurisdiction. Also, in the event of a violation of the terms and conditions of use of the Site or a violation of any restrictions on use of materials provided in or through the Site, we may disclose personal user information to our affected business partners or legal authorities.
In accordance with applicable data privacy laws, including but not limited to the GDPR and the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), you have a right to request a copy of the personal information we hold about you and details of how we use that information. If any of the information held about you is incorrect or out of date, you have the right to amend or rectify it, please follow the process outlined below and we will amend our records where appropriate. You also have the right to request that we erase your personal information, stop processing your personal information, restrict the processing of your personal information, and provide your personal information in a portable format. Where processing is based on your consent, you may withdraw your consent to processing. This may not apply if there are other legal justifications to continue processing. If you think we may have incorrect personal information, or would like a copy of the personal information we hold on you, or to exercise any other data protection right, please contact us. Please note that we need you to prove who you are before we can provide you with any information.
You also have a right to lodge a complaint with a relevant supervisory authority.
BCG understands the importance of protecting children's privacy, particularly in their online interactions. This Site is not designed for and does not intentionally target or solicit to children 18 years of age and younger.
Your access to and use of the Site are subject to this Privacy Statement and certain other terms and conditions, contained in our Terms and Conditions of Use.
For further questions you may contact the appropriate data protection point of contact:
Data Protection Office
Boston Consulting Group Inc.
200 Pier Four Boulevard
Boston, MA 02210
Data Protection Officer (Der Datenschutzbeauftragte)
Boston Consulting Group GmbH
80539 Munich Germany
This California Addendum applies to California residents and supplements the information provided above in the Privacy Statement. This Addendum does not apply to our job applicants, employees, or contractors where the personal information we collect about those individuals relates to their current, former, or potential role with us.
Collection, Disclosure, and Sharing of Personal Information
The following list details which categories of personal information we collect and process both online and offline, as well as which categories of personal information we disclose to third parties for our operational business purposes, including within the 12 months preceding the date this Privacy Statement was last updated. The list also details the categories of personal information that we “share” for purposes of cross-context behavioral advertising, including within the preceding 12 months.
We may also disclose your personal information to a third party in the event of any reorganization, financing transaction, merger, sale, joint venture, partnership, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
We do not sell and have not sold personal information, including your sensitive personal information, in the preceding 12 months. Without limiting the foregoing, we do not sell the personal information, including the sensitive personal information, of minors under 16 years of age.
Sources of Personal Information
We collect this personal information directly from you and from third-party sources, such as public databases, joint marketing partners, and social media platforms, where permitted under applicable local laws.
Purposes for the Collection, Use, or Sharing of Personal Information
We collect, use, or share personal information to operate, manage, and maintain our business, to provide our products and services, and to accomplish our business purposes and objectives, including to:
Purposes for the Collection and Use of Sensitive Personal Information2
We may use sensitive personal information of account log-in, password, or credentials allowing access to an account which qualify as sensitive personal information for purposes of performing services for our business, providing goods or services as requested by you, ensuring security and integrity, short term transient use such as displaying first party, non-personalized advertising, order processing and fulfilment, servicing accounts, providing service, verifying client information, and activities relating to quality and safety control or product improvement.
You may, subject to applicable law, make the following requests:
We will not unlawfully discriminate against you for exercising your rights under applicable privacy law. To make a privacy request, contact us via firstname.lastname@example.org or call 1-866-I-OPT-OUT (1-866-467-8688) and enter service code 837# to leave us a message. We will verify and respond to your request consistent with applicable law, taking into account the type and sensitivity of the personal information subject to the request. We may need to request additional personal information from you, such as copy of your driver’s license, utility bill in order to verify your identity and protect against fraudulent requests. If you make a request to delete, we may ask you to confirm your request before we delete your Personal Information.
To request to opt out of any future sharing of your personal information for purposes of cross-context behavioral advertising, click here.
If an agent would like to make a request on your behalf as permitted under applicable law, the agent may use the submission methods noted in the section entitled “Individual Requests.” As part of our verification process, we may request that the agent provide, as applicable, proof concerning their status as an authorized agent. In addition, we may require that you verify your identity as described in the section entitled “Individual Requests” or confirm that you provided the agent permission to submit the request.
Where we maintain or use de-identified information, we will continue to maintain and use the de-identified information only in a de-identified fashion and will not attempt to re-identify the information.
2. CPRA defines sensitive personal information as personal information that reveals an individual’s social security, driver’s license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, citizenship, immigration status, or union membership; the contents of mail, email, and text messages unless BCG is the intended recipient of the communication; genetic data; The processing of biometric information for the purpose of uniquely identifying an individual; Personal information collected and analyzed concerning an individual’s health; and Personal information collected and analyzed concerning an individual’s sex life or sexual orientation.