Privacy Policy

Last updated December 21, 2023

Daniel J. Edelman Holdings, Inc. and its affiliated companies worldwide (together these are "DJEH Group" and each is a "DJEH Affiliated Company" and referred to herein as the “Company”, “we”, “us” or “our”) are strongly committed to protecting your privacy.

 

Introduction to our Privacy Policy

As part of our commitment to our Global Privacy Principles, we protect the privacy of visitors to our websites (collectively, the “Website”), and users of our services (“users”), in each case in accordance with this Privacy Policy. We believe in transparency and provide this Privacy Policy to help you understand our privacy practices, and the choices and rights you have with how your Personal Information is collected and used. Please read this Privacy Policy carefully to understand how we will treat your information before you start to use our Website, our services, or communicate with us. By using our Website, our services, or communicating with us, you acknowledge that your Personal Information will be processed in accordance with this Privacy Policy, including any updates and amendments. Your use of our services is also subject to any applicable terms of use, including any terms available at Terms of Service | DJE Holdings ("Terms of Use").

How this policy works with our other privacy notices and policies

This Privacy Policy should be read together with our related policies and notices that apply to specific circumstances, such as our Online Human Resources Privacy Policy for DJEH Group job applicants, our Influencer Privacy Notice for journalists, social media influencers, members of the media, subject matter experts, and stakeholders (collectively, “influencers”) with whom we interact, and our Cookie Policy.

Where you make a request to, or enter into a contract with, a DJEH Affiliated Company then unless we notify you otherwise, that entity is the controller of your Personal Information processed in relation to that transaction. It is possible that another member of the DJEH Group will be identified to you as a data controller of your Personal Information in which case they will process your Personal Information in accordance with this Privacy Policy.

In certain circumstances, we may receive Personal Information about you from our clients where we provide services to them. Where we process this information as a processor on behalf of our client, collection and use of your information is subject to the client's privacy policy, not this Privacy Policy.

Information We Collect and How We Collect It

In terms of the type of information we collect, there are two basic types: Personal Information and non-Personal Information.

  • Personal Information is information that relates (directly or indirectly) to you. Specifically, we may collect and process, among other things, the following information about you:
    • Personal identifiers, such as your name, address, email address, telephone number.
    • Web use information, such as IP address, website, other unique identifiers associated with you, your computer or other mobile device, your internet or other electronic network activity.
    • Other information voluntarily provided to us by you when contacting us through the Website or responding to calls to action on the Website, e.g., user submissions, subscription requests, requests for further information about our services.
    • Information associated with or derived from other information about you that we process, such as, inferences.
  • Non-Personal Information is information that does not relate to you, such as aggregated, de-identified, or anonymous data. This type of information gives us insights regarding, for example, how visitors use the Website and which sections are of interest. This information is used for our commercial purposes, including to ensure the effectiveness of our Website, email communications and that marketing efforts continue to appeal to existing and potential clients and collaborators. Additionally, we may collect aggregate or anonymized demographic information while providing services to our clients, such as demographic information about an audience’s particular interests.

Information You Provide

We may collect Personal Information from you when you choose to provide it to us when you request information about our services, such as through the “contact us” feature, sign up for a newsletter, set up a voluntary user profile to post content within our forums or use any interactive feature. This information may include, without limitation, your name, physical address, and email address. Under such circumstances we will process this information consistent with this Privacy Policy.

Information We Obtain Through Our Services

We may collect Personal Information about you when you or a third party acting on your behalf engages with our services. Our services may involve contests, sweepstakes, promotions, surveys, or voting polls that we promote. Participation in these events is voluntary, but when you choose to engage with our services, we may collect Personal Information about you, such as your name, physical address, and email address to facilitate the event, event fulfillment, or communicate with you about other promotional events. These types of events often have their own supplementary privacy policy and terms which provide more detailed information about how your information is collected and used. Any such policy and terms shall prevail over this Privacy Policy.

Information From Third Parties and Publicly Available Sources

We may collect Personal Information about you and/or influencers from third parties (e.g. their employer) or from publicly available sources (e.g. Facebook, Instagram, Twitter, and LinkedIn) including via publicly available application programming interfaces provided by social media platforms). Collection from public sources may also be subject to our Influencer Privacy Notice.

Cookies and Other Tracking Technologies

Our Website may use tracking technologies such as “cookies” to provide visitors with tailored information upon each visit. Cookies are a common part of many commercial websites that allow small text files to be sent by a website, accepted by a web browser and then placed on your hard drive as recognition for repeat visits to the Website. Every time you visit the Website, our servers, through cookies, pixels and/or GIF files, collect basic technical information such as your domain name, the address of the last URL visited prior to clicking through to the Website, and your browser and operating system. We may also use third party analytical tools (e.g. Google Analytics) to analyze activities on and use of the Website to improve the navigation, content, and design of the Website. You do not need to enable cookies to visit the Website; however, some parts of the Website and some services may be more difficult or impossible to use if cookies are disabled. Some cookie files remain on your computer’s hard drive unless and until you manually delete the file. Please see our Cookie Policy for more information.

How We Use Your Personal Information

Consent

We may process your Personal Information where we have your consent to do so, such as communicating with you about an event you attended or campaign you were involved in. You have a right to withdraw your consent at any time but doing so may prevent us from providing a service to you or responding to a request that you have made.

To Perform a Contract with You

We may use your Personal Information to perform a contract with you or take steps at your request prior to entering into such a contract. This processing may include providing you with information, products, and services.

Legitimate Interests

We may process your Personal Information where necessary for our legitimate interests, those of another DJEH Affiliated Company or of another third party, including our clients, provided that these are not overridden by your interests or fundamental rights and freedoms. These legitimate interests may include processing where necessary to provide services to our clients; to protect and defend the rights, property or safety of a DJEH Affiliated Company, its partners, employees, affiliates, or clients or other users of the Website, or the public; to enforce the Terms of Use; to respond to claims related to your use of the Website; or in relation to the sale or potential sale of a DJEH Affiliated Company or one of its business units;. In particular, we may share your Personal Information within the DJEH Group where necessary for our legitimate interests.

Legitimate interests may also include use of your Personal Information for product development, algorithmic model improvement, and statistical analysis to improve our services and Website experience. For model development and statistical analysis, we make every reasonable effort to use anonymized or de-identified information where possible and have implemented best practices to limit the use of your Personal Information for analytic purposes.

Where we process your Personal Information on the grounds that it is necessary for any person's legitimate interest, we will confirm that these interests are not overridden by your interests or fundamental rights and freedoms.

For Fraud, Misuse Prevention, or Otherwise Required by Law

We may disclose your Personal Information including information about you or your use of the Website where permitted by law, including where necessary to protect the vital interests of an individual or to satisfy any applicable law, regulation, legal process or lawful governmental request.

Disclosure to Third Parties

We may provide your Personal Information to service providers where necessary as part of the management of the DJEH Group. We require all such third parties to respect the security of your Personal Information and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Information for their own purposes and only permit them to process your Personal Information for specified purposes and in accordance with our instructions

In addition to service providers, we may also disclose your Personal Information to the following categories of data recipients where necessary for any of the lawful purposes set out in this Policy:

  • Our clients
  • Marketing and advertising partners
  • Third parties to a business transaction, such as a merger, sale, liquidation, acquisition, reorganization, or other transfer of any our assets, whether as a going concern or part of a bankruptcy, liquidation, or similar proceeding
  • With the company or organization you represent upon their request
  • With you or other third parties at your express direction
  • Law enforcement, regulators, and other parties where permitted by law

How We Secure Your Personal Information

We understand that the security of your Personal Information is extremely important. Accordingly, we use appropriate administrative, physical, and technical safeguards to keep your Personal Information protected from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account cost, technology, the risks involved in the processing and the nature of the Personal Information. It is important to keep in mind, however, that no security measures are absolutely effective. Although we will apply appropriate measures to protect your Personal Information, we cannot guarantee the security of your Personal Information, and any transmission to us is at your own risk.

If you should become aware of any known or suspected incidents of unauthorized access to, use of, or disclosure of any Personal Information, you should report them immediately to the following email address: security@djeholdings.com. We investigate all reported claims of data incidents.

How We Retain Information We Collect

We store Personal Information for as long as necessary to provide services to you and our clients, to comply with legal obligations, or to administer our services, in each case in accordance with our data retention practices and policy. Because of the nature of developing and refining statistical models, this may involve retaining your information for a period after our underlying contract expires, but where possible, we keep this information in an aggregated, de-identified format. We review our data retention policies periodically and comply with all legal requirements. Your Personal Information is stored on servers and retained by or on behalf of the DJEH Group.

Children’s Privacy

We understand the need to protect the privacy of children. The Website is not intended for use by individuals under 16 years of age. We do not knowingly collect Personal Information from children under the age of 16 through our Website.

Our Website may contain links to other websites that we do not control. We are not responsible for any websites that we do not own or operate. You should carefully review the privacy policies and practices of other websites that you link to from the Website, as we cannot control or be responsible for their privacy practices.

Notice to California Residents: California Privacy Rights

California law provides residents of California a number of rights as they relate to personal information collected under circumstances specified by applicable law. These are the “right to know,” the “right to delete,” and the “right to opt out.” We do not “sell” “personal information” as these terms are defined and set forth under California privacy law.

Right to Know. You may request that we provide you specific pieces of personal information that we have about you; categories of personal information we have collected about you; categories of sources from which the personal information is collected; categories of personal information that we sold or disclosed for a business purpose about you; categories of third parties to whom the personal information was sold or disclosed for a business purpose; and the business or commercial purpose for collecting or selling personal information.

Right to Delete. California law gives residents a limited right to request deletion of their personal information. However, this right is limited by a number of exceptions, including processing personal information in the context of our role as a service provider to our clients. Fundamentally, if we have a permissible need to retain personal information, we are not under an obligation to delete such information, even when requested. Generally, we retain personal information so we may complete the transaction for which the personal information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between us and you; detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us; comply with a legal obligation; or otherwise use your personal information, internally, in a lawful manner that is compatible with the context in which you provided the information. As such, we generally do not accept requests to delete personal information in its entirety. However, we will respond to requests to remove personal information from some of our systems as a part of a request to close or otherwise disable a membership account.

Right to Opt Out. We may share personal information with clients or partners for marketing purposes. If the processing is outside of our role as a service provider, you may choose to opt out of the sharing of your personal information with third parties for marketing purposes by submitting a request as set forth below.

Designating an Authorized Agent. California law permits California residents to designate an agent to manage their rights under California law. If you would like to designate an agent to manage your privacy preferences, you may do so using the mechanisms noted below under “Exercising California Privacy Rights”.

Non-discrimination. California law does not permit us to discriminate against you because you exercised any your rights under this title, including, but not limited to, by: denying you access to goods or services; charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; providing a different level or quality of goods or services; suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising California Privacy Rights. If you are a California resident and would like to exercise any of your rights please submit your request in writing to compliance@djeholdings.com or by using our CCPA Request Form. Please note that with respect to any request we reserve the right to seek additional personal information in order to verify your identity and your or your agent’s rights to the data subject to your request.

Cloud Services

Information provided through our Website, via our services or when communicating with us about them, may be stored on a cloud based service and/or transferred to or accessed globally. By providing information in this manner, you consent to the transfer, processing and/or use of the information globally throughout the DJEH Group. Wherever the information is transferred or accessed within the DJEH Group it will be processed and used in accordance with this Privacy Policy.

Processing Subject to EU and UK Data Protection Rules

Applicable data protection rules (particularly those of the EU and UK) restrict the transfer of Personal Information to jurisdictions that do not have levels of protection that are deemed adequate. Where necessary we rely on Standard Contractual Clauses approved by the EU Commission and the UK Government (“SCCs”) to permit the transfer of Personal Information among members of the DJEH Group, and with our clients. We require all service providers who may process personal data across borders to execute SCCs where necessary. We maintain policies and procedures designed to assess the risks associated with the processing of Personal Information and protect Personal Information in a manner calculated to address those risks in jurisdictions such as the United States where the data privacy laws are deemed to be inadequate so that the protection in the United States is equivalent to the protections afforded data subjects in their country of origin.

Daniel J. Edelman Holdings, Inc. has self-certified with the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries in connection with the EU-US Data Privacy Framework Principles ("Privacy Framework Principles") as part of the Privacy Framework Program. While this certification, in and of itself, is not considered by the EU and UK authorities to provide an adequate level of protection, Daniel J. Edelman Holdings Inc nonetheless considers that compliance with the Privacy Framework Principles provides a level of protection with regard to the processing of personal data and transparency with regard to our data processing standards. To learn more about the Privacy Framework Program, and to view Daniel J. Edelman Holdings, Inc.’s certification, please visit https://www.dataprivacyframework.gov/s/.

We comply with all SCCs that we have entered into and any supplemental measures required by applicable law as well as the Privacy Framework Principles for all transfers of Personal Information from the EEA and UK, including the onward transfer liability provisions. When we provide your Personal Information to service providers, this is done under a contract which requires the companies to, among other things, use the Personal Information only for the limited purposes for which it is provided to them in providing services to us, not to transfer the Personal Information to another party without our approval, and to agree to hold the Personal Information securely and confidentially in accordance with this Privacy Policy, applicable law and the Privacy Framework Principles.

Internal and Independent Recourse Mechanisms

We commit to resolve complaints about our collection or use of your Personal Information in accordance with applicable law. We will cooperate in investigations by, and comply with the advice of, appropriate EU and/or UK data protection authorities (“DPA”) in managing any dispute. Further, we are also subject to the applicable investigatory and enforcement powers of the U.S. Federal Trade Commission. If you have questions or complaints regarding the use or disclosure of Personal Information in compliance with the principles of this Privacy Policy, you should contact us first at the contact noted below. If contacting us does not resolve your concern or complaint, you may raise your complaint with the relevant DPA where you live or work (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm for contact information or refer to www.ico.org.uk for the UK) or other applicable regulator. A binding arbitration option is available in the event that residual complaints related to EU- or UK- compliance are not resolved by any other means.

This Privacy Policy does not create or confer upon any individual any rights or impose upon us any rights or obligations outside of, or in addition to, any rights or obligations imposed by the privacy laws applicable to such individual's Personal Information. Should there be, in a specific case, any inconsistency between this Privacy Policy and such privacy laws, this Privacy Policy shall be interpreted, in respect of that case, to give effect to, and comply with, such privacy laws.

Notification of Changes

As we provide more services and/or functionality on our Website and as privacy laws and regulations evolve, it may be necessary to revise or update our Privacy Policy. Please check for updates when you visit the Website. We show the date of the most recent version of the website so that you will know when the Privacy Policy has been most recently updated.

Accessing and updating your information; Limiting or Opting-out

Where the EU, UK or other relevant data protection rules provide, you have the right (subject to any limitations set out in the applicable laws) to:

  • Access your Personal Information
  • Request correction of your Personal Information, though we may need to verify the accuracy of any new data you provide.
  • Request erasure of your Personal Information in certain situations.
  • Object to processing of your Personal Information where we are relying on a legitimate interest in certain situation.
  • Object to processing your Personal Information for direct marketing purposes.
  • Request restriction of processing of your Personal Information in certain situations.
  • Request the transfer of your certain of your Personal Information to you or a third party.
  • Withdraw any consent you gave to processing your Personal Information.

If you would like to exercise any of these rights, you may contact us at compliance@djeholdings.com. Similarly, Website users who wish to subscribe or unsubscribe to our marketing and informational communications or limit our use of any Personal Information in any way may do so by using the subscribe/unsubscribe options contained in our emails or by sending an email to compliance@djeholdings.com. We will comply with all legal requirements as it relates to a valid legal request. To verify your identity, we may also ask for additional information to authenticate your request. In some circumstances we will not be able to limit use of your Personal Information without unsubscribing you from communications or deleting your information.

How to Contact Us

CONTACT INFORMATION: Please direct all requests, questions or concerns related to this Privacy Policy or your Personal Information (with the exception of potential security breaches as noted above) to compliance@djeholdings.com.

Operating Entities