Huron Consulting Group Inc. and its subsidiaries: Huron Consulting Services LLC; Huron Advisors Canada Limited; Huron Eurasia India Private Limited; Huron Managed Services LLC; Huron Transaction Advisory LLC; Innosight Consulting, LLC; Innosight Consulting Asia-Pacific Pte. Ltd; Innosight Consulting SARL; Pope Woodhead and Associates Limited; and, The Studer Group, L.L.C. (“Huron” or “we” or “our” or “us”) are committed to protecting your privacy when you interact with us.
This Privacy Statement (“Privacy Statement or “Statement”) sets out the privacy practices for Huron with respect to Personal Data and Personal Information (which means any information that relates to, identifies, describes, or can be reasonably associated or linked with a natural person or household) we obtain from and about individuals interacting with Huron and its websites, mobile applications, and services. All Personal Data that we collect, other than information collected in the employment context, is subject to this Privacy Statement.
If you are a resident of California, please see the section below titled, “Additional Information for Residents of California.”
If you are located in the European Union (“EU”), United Kingdom (“UK”), Switzerland, or where applicable EU data protection laws so provide, please see the section below titled, “Additional Information for Individuals Located in Europe.”.
Types of Personal Data Collected
The type of Personal Data we collect depends on how you use this website or interact with Huron.
When you visit our publicly available website, we may collect the following types of information, including Personal Data, from you:
- Contact information
- Event registrations and preferences
- Feedback and reviews or request for support
- Activities, interactions, preferences, transactional information and other computer and connection information (such as IP address) relating to the use of our website and our services
When you conduct business with Huron, we may collect the following types of Personal Data:
- Contact information
- Financial and billing information
- Event registrations and preferences
- Feedback and reviews or request for support
- Activities, interactions, preferences, transactional information and other computer and connection information
- Resumes and information relevant to our market research activities that: you provide to us directly; we receive about you from referrals; or we collect from publicly available sources and websites
If you are being considered for employment with Huron, we may collect and process the following types of Personal Data:
- Resume, application, candidate profile, or interview logistics information during the recruiting process. The sources of employment application information include yourself (when you provide information directly to us, for example, through our job postings portal on this website), publicly available information (such as information on job posting websites), and external recruiting sources (such as professional recruiting or placement agencies)
Huron also collects Personal Data from other Huron entities (including those listed at the beginning of this Statement). In addition, Huron may collect Personal Data from service providers who provide services to us, such as web analytics providers.
How We Use Personal Data
Huron collects and uses Personal Data for our legitimate interests as set out herein, or based on your consent (in which case we would ask you separately to provide your consent to a particular processing activity) through:
- Personalizing information about our services
- Personalizing your experience on our website, such as providing recommendations based on your industry or past behavior on the website
- Providing services, training and education, tools (such as Huron Software accelerators), products (such as books), and support to our customers, which may also be necessary for the performance of a contract with you
- Conducting business with our suppliers and other entities, including market research activities
- Considering candidates for job vacancies with Huron entities, including all elements of the procedure leading up to making a decision whether to offer, subject to any appropriate background checks, the applicant a position. Some job applicant data processing may also be necessary to comply with legal obligations
- Providing online education for teaching certificates and arranging temporary placements to enable students of such programs to obtain practical experience
- Other purposes disclosed at the time of collection or otherwise compatible with the above and applicable law
In instances where information is transferred to Huron through a client data controller and Huron is acting as the processor, the processing is necessary for the performance of a contract or for our legitimate interest to provide the requested services to our clients. Huron will assist the client data controller in complying with its legal obligations and the Privacy Shield Principles, discussed below in the International Transfers of Your Personal Data section, where applicable.
With Whom We Share Personal Data
Huron may share Personal Data we collect with the following entities and for the following purposes:
- Subsidiaries who process Personal Data on behalf of Huron for the purposes of supporting and providing services to our customers
- Service providers contracted to provide services on behalf of Huron for discrete business purposes such as provision of IT related services, event planning, talent recruiting, market research interviewees and providers, and travel services
- Other corporate entities when a business transaction occurs such as a merger or acquisition
- Entities with whom Huron works in providing a service, such as educational establishments with whom Huron collaborates to provide training and certification, and organizations at which Huron arranges for students to obtain practical experience
Huron may disclose Personal Data in special cases when we have a good faith belief that it is necessary: (a) to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) to protect and defend our rights or property; (c) to enforce the website Terms and Conditions; or (d) to protect the interests of our users or others.
Retention of Data
We will keep your Personal Data as reasonably necessary to fulfill the purposes for which Personal Data is collected as stated herein; for as long as is necessary for the performance of the contract between you and us, if any; and to comply with legal and statutory obligations, such as those required by tax, trade and corporate laws. When we no longer need your Personal Data for our purposes, we will destroy, delete or erase that Personal Data or convert it into an anonymous form.
Choice You Have About How Huron Uses Your Personal Data
We strive to provide you with as many choices and as much control as possible regarding the Personal Data you provide to us.
If you have questions, complaints or concerns regarding this Privacy Statement or wish to access your Personal Data, or update, change or remove your Personal Data, please contact firstname.lastname@example.org, or send mail addressed to:
Huron Consulting Group Inc.
Attn: Chief Privacy Officer
550 W Van Buren St, Chicago IL 60607
If you wish to opt out of receiving marketing or other communications, you can either respond using the opt out button in the relevant communication, or by contacting us by one of the methods listed above.
How Huron Protects Your Personal Data
Huron takes reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the data.
This website may contain links to or from other websites. Please be aware that we are not responsible for the privacy practices of other websites. This Privacy Statement applies only to the information we collect on this Site or as otherwise described herein. We encourage you to read the privacy notices of other websites you link to from our Site or otherwise visit.
This website is not intended for children under the age of 13. We will not knowingly collect information from website visitors in this age group. By using the Site, you represent that you are age 13 or over. If you believe that a child may have provided his or her Personal Data to us, please contact us using the contact information at the end of this Statement. In the event we become aware that we have collected Personal Data from a child under the age of 13, we will dispose of that Personal Data immediately.
Additional Information for Residents of California
This supplemental section of Huron’s Privacy Statement is directed at and applies to a limited subset of individuals who interact with Huron, who are verifiable residents of the state of California, and who are not otherwise exempted from the California Consumer Privacy Act (CCPA). Huron is largely not subject to the requirements of the CCPA given the nature of our business (i.e., primarily business-to-business transactions as described below).
If you are a resident of California, who is neither (a) an employee, owner, director, officer, or contractor of an organization (i.e., company, sole proprietorship, non-profit, or government agency) whose communications or transactions with us occur solely within the context of us conducting due diligence regarding, or providing or receiving a product or service to or from your organization), or (b) a job applicant, you have the following specific additional privacy rights under the law:
- Right to request access to personal information. California residents have the right to request that we disclose to them the categories and specific pieces of personal information we have collected about them. Upon submission and our receipt of a verifiable consumer request, and not more than twice in a 12-month period, we are required to provide such information directly to California consumers (if it is not already provided here or in another notice).
- Right to request deletion of personal information. California residents have the right to request that we delete any personal information about them which we collected from them. Our obligation to delete personal information is limited by the law, and we are not required or able to comply with requests in all instances; for example, if it is necessary for us to maintain personal information in order to complete a transaction with the consumer, detect or protect against security incidents or other illegal or deceptive activity, exercise our free speech or other rights provided by law or protect the lawful rights of another consumer, comply with other legal obligations, or enable internal uses of the personal information in a lawful manner compatible with the context in which the consumer provided the information or would expect it to be used based on their relationship with us. For the full list of exceptions, see Cal. Civ. Code § 1798.105.
- Right to request disclosure of what personal information we process, the source of it, the business or commercial purpose for processing it, and with whom (e.g., service providers) we share it. California residents have a right to request that we disclose to them (if we have not already in this or another notice): the categories of personal information collected about them, the categories of sources from which it was collected, the business or commercial purpose for collecting it, the categories of third parties (e.g., service providers) with whom we share it, and the specific pieces of personal information collected about them. A large portion of that information is provided here in this Privacy Statement, and we may direct you back here to make note of that information. It should also be noted that the disclosure right related to specific pieces of personal information is not absolute, and it is our responsibility to protect that sort of information from unauthorized Please refer to the sections below on How to Submit and What to Expect for more information about the process.
- Right to know that we do not “sell” personal information. We have not sold (neither under the ordinary meaning of the term “sale,” nor under the CCPA’s definition of “sale”) consumers’ personal information in the preceding 12 months.
How to Submit a Request to Exercise your CCPA Rights
If you are a consumer and resident of California who is not a job applicant or individual involved in business-to-business communications and transactions with Huron (as described in the Your California Consumer Privacy Rights section above), and you wish to exercise one of your CCPA rights, please send an email to email@example.com and include your name, your specific request, and a preferred contact method (e.g., email or mail) for us to follow up with you.
You may call 1-866-229-8700 (toll-free) and ask to be connected with Christopher Hoff, Huron’s Chief Privacy Officer. Ultimately though, we will instruct and require you to submit your request in writing, for us to keep appropriate records, and because the law requires us to respond to you in writing. Please start by contacting us at firstname.lastname@example.org to expedite the process.
Please see the section below for what to expect once you contact us.
What to Expect When you Submit a Request to Us
We are a professional services firm, dealing almost exclusively with other companies, as opposed to directly with consumers as that term is usually understood, in business-to-business transactions; and the protection of our clients’ information (past, present, and future) is paramount to our corporate values and our privacy program.
We take data security, in addition to privacy, very seriously, and California law is clear on the need for businesses to protect all consumers from fraudulent requests made by someone other than the actual individual.
We mention this to prepare you for the fact that if you request from us specific pieces of personal information collected about you, we will do whatever is reasonably necessary (as the law allows and requires) to verify that you are who you say you are; and as such, you should expect a thorough and personalized vetting process from us to ensure that we do not provide one individual’s personal information to an imposter. The process may take 45 days (or longer when reasonably necessary) depending on the request, and consistent with our obligations under the law.
Personal Information We Collect About Consumers
We have collected the below categories of personal information about consumers in the past 12 months.
In the table below, we have used the CCPA categories of Personal Information and provided basic explanations in plain English for each of those categories. Our responses are divided below into the three broad categories of individuals (or “consumers”) with whom we work every day, and to whom this Privacy Statement applies: (1) leads (a/k/a potential clients/customers), (2) clients/customers, and (3) job applicants.
Not everything below will apply to you, because we have different relationships with different individuals. Our Privacy Statement should be read and understood in the reasonable context of your particular relationship with Huron.
|CCPA Categories of Personal Information||Does Huron Collect that for Leads?||Does Huron Collect that for Clients/Customers?||Does Huron Collect that for Job Applicants?|
|A. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.||Yes. We collect identifying information about leads who interact with us online, for example, (a) online or IP identifiers or email addresses for potential clients and customers who interact with us online, and (b) names and addresses for organization contacts at potential client organizations.||Yes. We know the identities of our clients and customers and maintain interest and transactional records that would be expected of a professional services firm with business clients and customers. We also receive and process personal information from or on behalf of our clients and customers (about their own customers, clients, employees, market research participants, etc.) when we perform services for them and otherwise act as a service provider to them.||Yes. We know the identities of those who apply for employment with Huron. This is the only group that we are likely to collect some of the more sensitive categories of identifiers from (in order to screen and properly identify them in accordance with employment law), such as social security number, driver’s license number, or similar identifiers.|
|B. Any categories of personal information described in subdivision (e) of Section 1798.80 (i.e., any information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information)||Yes. Same as above. We collect what you would expect us to collect in the context of your relationship with Huron, even though we do not collect all of the information listed in this category for everyone.||Yes. Same as above. We collect what you would expect us to collect in the context of your relationship with Huron, even though we do not collect all of the information listed in this category for everyone.||Yes. Same as above. We collect what you would expect us to collect in the context of your relationship with Huron, even though we do not collect all of the information listed in this category for everyone.|
|C. Characteristics of protected classifications under California or federal law (subject to change under the law, but for example: race, color, sex, gender identity and expression, sexual orientation, age, religion, national origin, disability, citizenship status, and genetic information).||No.||No.||Maybe. This information may be passively collected if for example a job applicant discloses it in an employment application (e.g., a Huron job applicant states or implies their race, sex, sexual orientation, religion, or other protected characteristic by listing an affiliation that implies inclusion in a protected classification on their resume or application). Huron does not actively collect this information, unless and until it is part of the equal employment opportunity data recordkeeping process.|
|D. Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Yes. We may collect this information about leads in order to develop new business with organizations and individuals who may be interested in or have expressed an interest in Huron. We are primarily a business-to-business organization, and as such we are concerned with organizational habits and needs, far more than individual consumer habits and needs.||Yes. We collect and retain this information about organizational clients and customers because it helps us provide tailored goods and services.||No.|
|E. Biometric information.||No.||Probably not. However, it is possible within the reasonable context of our relationship with clients that as a professional services firm, Huron may be providing consulting or other services that relate to the client’s own biometric information systems, and may result in Huron having tertiary access to such information that belongs to the client.||No.|
|F. Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.||Yes. Huron may have information regarding a lead’s interaction with an Internet website (e.g., Huron’s or other websites), application (e.g., Huron’s SaaS offerings), or advertisement (e.g., Huron’s advertisements). We may collect information related to internet activity attributable to other organizations (i.e., activity attributable to another organization’s known IP addresses for example, rather than individual or household activity) to inform our marketing strategies.||Yes. Huron may have information regarding a client or customer’s interaction with an Internet website (e.g., Huron’s or other websites), application (e.g., Huron’s SaaS offerings), or advertisement (e.g., Huron’s advertisements). We may collect information related to internet activity attributable to other organizations (i.e., activity attributable to another organization’s known IP addresses for example, rather than individual or household activity) to inform our marketing strategies.||Yes. Huron may have information regarding an individual job applicant’s interaction with an Internet website (e.g., Huron’s recruiting website), application (e.g., Huron’s recruitment portal), or advertisement (e.g., Huron’s job postings).|
|G. Geolocation data.||Maybe. Huron may know the location from where your computer or device is accessing our website in order to provide local content and offerings and to prevent fraud or misuse of our electronic properties.||Maybe. Huron may know the location from where your computer or device is accessing our website in order to provide local content and offerings and to prevent fraud or misuse of our electronic properties.||Maybe. Huron may know the location from where your computer or device is accessing our website in order to provide local content and offerings and to prevent fraud or misuse of our electronic properties.|
|H. Audio, electronic, visual, thermal, olfactory, or similar information.||Not much, and only what you would expect. For example, physical security, including CCTV at physical Huron office locations may collect audio, electronic, and visual information for a time on security systems, but would be used for security purposes and then overwritten after a set period of time. We electronically monitor the use of our website, but both the technology and our policy prohibit the capturing of personal information in such monitoring and the attribution of website activity to individuals.||Not much, and only what you would expect. For example, physical security, including CCTV at physical Huron office locations may collect audio, electronic, and visual information for a time on security systems, but would be used for security purposes and then overwritten after a set period of time. We electronically monitor the use of our website, but both the technology and our policy prohibit the capturing of personal information in such monitoring and the attribution of website activity to individuals.||Not much, and only what you would expect. For example, physical security, including CCTV at physical Huron office locations may collect audio, electronic, and visual information for a time on security systems, but would be used for security purposes and then overwritten after a set period of time.|
|I. Professional or employment-related information.||Yes. Because we are a professional services firm serving other business organizations, and some individuals directly, we do collect professional and employment-related information as part of the lead generation or business development process, as you would expect.||Yes. Because we are a professional services firm serving other business organizations, and some individuals directly, we do collect professional and employment-related information as part of the client management process, client service process (e.g., market research and other services provided to or on behalf of other businesses), and additional business development, as you would expect.||Yes. Most job applicants provide this information on their application or we otherwise receive it (e.g., from recruiters or public professional networking and job sites) during the recruiting process.|
|J. Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99).||No.||Usually not. However, in the context of our TeacherReady Online Certification program we may process education information. And as with certain other categories, it is possible within the reasonable context of our relationship with clients that as a professional services firm, Huron may be providing consulting or other services that relate to the client’s own education information systems, and may result in Huron having tertiary access to such information that belongs to the client.||Yes. As part of the ordinary job applicant background check process, we may collect education information, such as degree confirmations or degree transcripts.|
|K. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||Not really at the consumer level, as much as the organization-level. Huron’s marketing efforts are principally focused on figuring out what organizations need and then providing relevant professional services to those organizations (as opposed to targeting and profiling consumers individually to influence their consumer purchases). That means that we are profiling potential client organizations. However, a necessary part of marketing and business development usually includes reaching out to individuals who represent their organizations. In order to do that we have marketing and business development operations and Customer Resource Management systems with information contained therein that you would expect from a B2B professional services firm.||Not really at the consumer level, as much as the organization-level. Huron’s marketing efforts are principally focused on figuring out what organizations need and then providing relevant professional services to those organizations (as opposed to targeting and profiling consumers individually to influence their consumer purchases). That means that we are profiling potential client organizations. However, a necessary part of marketing and business development usually includes reaching out to individuals who represent their organizations. In order to do that we have marketing and business development operations and Customer Resource Management systems with information contained therein that you would expect from a B2B professional services firm.||Not really. We don’t collect inferences to create a profile, but, as is the case with every organization, we do have a recruitment file for job applicants, and we are trying to determine whether any particular applicant is a good fit for Huron.|
Regarding any of the above categories of personal information that we process, Huron may disclose that information for a business purpose. Huron uses service providers, like all organizations. And those service providers may process Personal Information for operational purposes – such as detecting or protecting against security incidents, auditing, and performing services on behalf of Huron. For personal information that belongs to our clients, if the clients allow us to use “subcontractors,” then we may be disclosing personal information to those subcontractors which are acting as service providers, as part of our contractual performance on behalf of clients.
Additional Information for Individuals Located in Europe
This supplemental section of Huron’s Privacy Statement is directed at and applies to individuals located in the European Union (“EU”), United Kingdom (“UK”), Switzerland, or where applicable EU data protection laws (e.g., the General Data Protection Regulation (“GDPR”)) applies.
By using the website or providing Personal Data to Huron, your Personal Data may be transferred to the United States, where Huron is headquartered, or to other Huron locations where we carry out our support activities. Your country’s laws governing data collection and use may differ from those in the United States or other Huron locations. For example, the data protection laws of the United States, India, and most other countries have not been found by the European Commission to provide the same level of protection as EU data protection law. Some of the entities with whom we share your Personal Data are also located in countries whose laws have not been deemed by the European Commission to provide the same level of protection to your Personal Data. Only a small number of countries have been officially recognized by the European Commission as providing an adequate level of protection (list available here). Transfers to Huron entities and others located in countries outside the European Economic Area (“EEA”), UK, or Switzerland take place using an acceptable data transfer mechanism, such as the Swiss-U.S. Privacy Shield for transfers from Switzerland to self-certified U.S. organizations, the EU Standard Contractual Clauses, Binding Corporate Rules, approved Codes of Conduct and Certifications or in exceptional circumstances on the basis of permissible statutory derogations. Please contact
the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. Huron is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
If you are in the EU, UK, or Switzerland, you have the right to access the Personal Data we possess and direct us to correct, amend or delete that information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, as appropriate, in accordance with the Access Principle. Huron may limit or deny access consistent with the Privacy Shield Principles.
When we receive written complaints submitted as instructed above, we will follow up with the person who made the claim. If you have a complaint or concern, please contact us and we will attempt to resolve it. If we are unable to do so, we have designated JAMS, a worldwide provider of alternative dispute resolution services, as our independent recourse mechanism to address complaints and provide appropriate recourse free of charge to individuals covered by the Privacy Shield. The website for submitting complaints which have not been resolved directly by Huron can be found here. Individuals covered by the Privacy Shield may seek binding arbitration for limited types of claims. For additional information about the Privacy Shield arbitration process, please visit the Privacy Shield website at Privacy Shield Arbitration. If a service provider providing services to Huron processes Personal Data from the EU, UK, or Switzerland that is subject to the Privacy Shield in a manner inconsistent with the Privacy Shield Principles, Huron will be liable unless we can prove we are not responsible for the event giving rise to the damages.
Access. You have the right to obtain from us confirmation if your Personal Data is being processed and certain information in this regard.
Rectification. You have the right to request the rectification of inaccurate Personal Data and to have incomplete data completed.
Objection. You have the right, when we process Personal Data on the grounds of legitimate interests, to object to the processing of your Personal Data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing. In addition, you have the right to object at any time where your Personal Data is processed for direct marketing purposes.
Portability. You may receive your Personal Data that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit them to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.
Restriction. You may request to restrict processing of your Personal Data (i) while we verify your request – if you have contested the accuracy of the Personal Data about you which we hold; (ii) if the processing is unlawful and you oppose the erasure of it and request restriction instead; (iii) if we no longer need it, but you tell us you need it to establish, exercise or defend a legal claim; or (iv) while we verify your request if you have objected to processing based on public or legitimate interest.
Erasure. You may request to erase your Personal Data if it is no longer necessary for the purposes for which we have collected it, you have withdrawn your consent and no other legal grounds for the processing exists, you objected and no overriding legitimate grounds for the processing exist, the processing is unlawful, or erasure is required to comply with a legal obligation.
Right to lodge a complaint. You also have the right to lodge a complaint with a supervisory authority, in particular in the jurisdiction of your residence, or the location where the issue that is the subject of the complaint occurred.
Right to refuse or withdraw consent. Please note that in case we ask for your consent to certain processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences. The lawfulness of any processing of your Personal Data that occurred prior to the withdrawal of your consent will not be affected.
If you have questions about exercising any of those rights or their applicability to any of our particular processing activities or have questions about any data transfer mechanism or want a copy thereof, you may contact us at email@example.com or at the address provided below.
We have taken great measures to ensure that your visit to our website and your interactions with Huron are satisfying and that your privacy is respected. Unless otherwise stated, Huron is a business and data controller for Personal Data processed subject to this Statement. Because Huron is a professional services firm focused primarily on serving other businesses, Huron is a service provider and data processor to our clients for Personal Data that belongs to the data subjects and consumers who are associated with those clients. If you have any questions, comments or concerns about our privacy practices, please contact us by e-mail at firstname.lastname@example.org.
Copyright 2012-2020 Huron Consulting Group Inc. and its subsidiaries
All rights reserved.
Effective as of August 7, 2020