A.T. Kearney, Inc. (“A.T. Kearney”) respects your concerns about privacy. A.T. Kearney has certified that it abides by the Safe Harbor privacy principles as set forth by the U.S. Department of Commerce regarding the collection, storage, use, transfer, and other processing of Personal Data transferred from the European Economic Area (“EEA”) or Switzerland to the United States. This Policy outlines our general policy and practices for implementing the Safe Harbor privacy principles for Consumer and Worker Personal Data.
For purposes of this policy:
“A.T. Kearney Group” means the subsidiaries and affiliates of A.T. Kearney Holdings Limited.
“Consumer” means any natural person who is located in the EEA or Switzerland, but excludes any individual acting in his or her capacity as a Worker.
“Client” means any entity that obtains strategic and management consulting or other services from the A.T. Kearney Group.
“Personal Data” means any information, including Sensitive Data, that (i) is transferred to A.T. Kearney in the U.S. from the EEA or Switzerland, (ii) is recorded in any form, (iii) relates to an identified or identifiable Consumer or Worker, and (iv) can be linked to that individual.
“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
“Worker” means any current, former, or prospective employee of the A.T. Kearney Group, who is located in the EEA or Switzerland. For purposes of this Policy, “Worker” includes any managing director, temporary worker, intern, other non-permanent employee, contractor or consultant of A.T. Kearney Group, who is located in the EEA or Switzerland.
How A.T. Kearney Obtains Personal Data
In connection with providing strategic and management consulting or other services to its Clients, A.T. Kearney may access or obtain Personal Data about a Client’s Consumers located in the EEA or Switzerland. In addition, A.T. Kearney may access or obtain Personal Data about a Client’s Consumers located in the EEA or Switzerland in connection with providing support services to the A.T. Kearney Group, including during the course of providing (i) data storage, website and application hosting and maintenance, email, telephony and network connectivity, and other information technology infrastructure and services; (ii) data back-up and restoration, disaster recovery and business continuity planning and (iii) other technical, organizational, and administrative functions and resources.
A.T. Kearney also collects Personal Data directly from Consumers. This collection occurs, for example, when a Consumer visits the A.T. Kearney Site, and provides Personal Data through the Site. In addition, A.T. Kearney obtains Personal Data, such as contact information, in connection with maintaining the firm’s Client relationships and providing services to Clients. A.T. Kearney also obtains Personal Data associated with its vendors. This information may include contact information of the vendors’ representatives. A.T. Kearney uses this information to manage its relationships with its vendors.
A.T. Kearney obtains and processes Personal Data about its Workers when carrying out and supporting administrative and human resources functions and activities for the A.T. Kearney Group, including: (i) administering Worker benefits; (ii) managing Worker travel; (iii) recruiting and hiring job applicants; (iv) performing background checks and verifying references; (v) managing Worker headcount; (vi) maintaining a global directory; (vii) managing Worker communications; (viii) managing Worker performance; (ix) determining Worker compensation; (x) managing the Worker termination process; (xi) maintaining the Global Alumni Network; (xii) for other general human resources purposes and (xiii) for information technology-related purposes (such as data storage, website and application hosting and maintenance; email; telephony and network connectivity; data back-up and restoration; disaster recovery and business continuity planning; and other technical, organizational and administrative functions). A.T. Kearney obtains and processes Personal Data about Workers’ emergency contacts and other individuals (such as dependents and beneficiaries) to the extent our Workers provide the information to us. We process this information to comply with our legal obligations and for internal administrative purposes.
A.T. Kearney’s practices regarding the collection, storage, use, transfer, and other processing of Personal Data comply, as appropriate, with the Safe Harbor principles of notice, choice, onward transfer, access, security, data integrity, and enforcement and oversight.
Relevant information also may be found in privacy notices pertaining to specific data processing activities.
In circumstances in which A.T. Kearney maintains Personal Data about Consumers with whom A.T. Kearney does not have a direct relationship because A.T. Kearney obtained or maintains the Consumers’ data as a service provider for its Clients, A.T. Kearney’s Clients are responsible for providing the relevant individuals with certain choices with respect to the Clients’ use or disclosure of the individual’s Personal Data.
A.T. Kearney may disclose Personal Data without offering an opportunity to opt out (i) to service providers the firm has retained to perform services on its behalf, (ii) if it is required to do so by law or legal process, (iii) to law enforcement or other government authorities, or (iv) when A.T. Kearney believes disclosure is necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual illegal activity. A.T. Kearney also reserves the right to transfer Personal Data in the event it sells or transfers all or a portion of its business or assets (including in the event of a reorganization, dissolution, or liquidation). Should such a sale or transfer occur, A.T. Kearney will use reasonable efforts to direct the transferee to use the Personal Data in a manner that is consistent with A.T. Kearney’s privacy policies. A.T. Kearney uses Personal Data only for the purposes indicated in this Policy unless it has a legal basis, such as consent, to use it for other purposes. To the extent required by law, A.T. Kearney obtains prior opt-in consent at the time of collection for the processing of (i) Personal Data for marketing purposes and (ii) Sensitive Data.
Onward Transfer of Personal Data
Where appropriate, A.T. Kearney provides Consumers and Workers with reasonable access to the Personal Data A.T. Kearney maintains about them. A.T. Kearney also provides a reasonable opportunity for Consumers and Workers to correct, amend, or delete that information where it is inaccurate, as appropriate. A.T. Kearney may limit or deny access to Personal Data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by the Safe Harbor principles. The right to access Personal Data also may be limited in some circumstances by local law requirements. Consumers and Workers may request access to their Personal Data by contacting A.T. Kearney as indicated below.
In circumstances in which A.T. Kearney maintains Personal Data about Consumers with whom A.T. Kearney does not have a direct relationship because A.T. Kearney obtained or maintains the Consumers’ data as a service provider for its Clients, A.T. Kearney’s Clients are responsible for providing Consumers with access to the Personal Data and the right to correct, amend, or delete the information where it is inaccurate. In these circumstances, Consumers should direct their questions to the appropriate A.T. Kearney Client. When a Consumer is unable to contact the appropriate Client, or does not obtain a response from the Client, A.T. Kearney will provide reasonable assistance in forwarding the individual’s request to the Client.
A.T. Kearney takes reasonable precautions to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration, and destruction.
A.T. Kearney takes reasonable steps to ensure that the Personal Data the firm processes are (i) relevant for the purposes for which they are to be used, (ii) reliable for their intended use, and (iii) accurate, complete and current. In this regard, A.T. Kearney depends on its Workers, Consumers, and Clients (with respect to Personal Data of Consumers with whom A.T. Kearney does not have a direct relationship) to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals. Workers and Consumers (and Clients, as appropriate) may contact A.T. Kearney as indicated below to request that A.T. Kearney update or correct relevant Personal Data.
Enforcement and Oversight
A.T. Kearney has established procedures for periodically verifying implementation of and compliance with the Safe Harbor principles. A.T. Kearney conducts an annual self-assessment of its Personal Data practices to verify that the attestations and assertions the firm makes about its privacy practices are true and that the firm’s privacy practices have been implemented as represented.
Consumers may file a complaint concerning A.T. Kearney’s processing of their Personal Data with A.T. Kearney’s Legal Department, whose contact information is below. Workers may file a complaint concerning A.T. Kearney’s processing of their Personal Data with the firm’s Human Resources Department. A.T. Kearney will take steps to remedy any issues arising out of a failure to comply with the Safe Harbor principles. Please contact A.T. Kearney as specified below to address any complaints regarding the firm’s Personal Data practices.
If a Consumer complaint cannot be resolved through A.T. Kearney’s internal processes, A.T. Kearney will cooperate with JAMS pursuant to the JAMS International Mediation Rules, which are accessible on the JAMS website at www.jamsadr.com/international-mediation-rules. JAMS mediation may be commenced as provided for in the JAMS International Mediation Rules. The mediator may propose any appropriate remedy, such as publicity for findings of non-compliance, payment of compensation for losses incurred as a result of non-compliance, or cessation of processing of the Personal Data of the Consumer who has brought the complaint. A.T. Kearney will assume the costs of the administrative fees if the mediator makes a written recommendation that finds A.T. Kearney in breach of its duties pursuant to the Safe Harbor. The mediator or the Consumer also may refer the matter to the U.S. Federal Trade Commission, which has Safe Harbor enforcement jurisdiction over A.T. Kearney.
In circumstances in which A.T. Kearney maintains Personal Data about Consumers with whom
A.T. Kearney does not have a direct relationship because A.T. Kearney obtained or maintains the Consumers’ data as a service provider for its Clients, Consumers may submit complaints concerning the processing of their Personal Data to the relevant Client, in accordance with the Client’s dispute resolution process. A.T. Kearney will participate in this process at the request of the Client or the Consumer. If the issue cannot be resolved through the Client’s internal dispute resolution mechanism, the Consumer may submit the complaint to the relevant data protection authority in the EEA or Switzerland.
If a Worker complaint cannot be resolved through A.T. Kearney’s internal processes, A.T. Kearney will cooperate with the relevant EEA or Swiss data protection authority, as appropriate.
How to Contact A.T. Kearney
A.T. Kearney’s practices concerning Personal Data:
A.T. Kearney, Inc.
Attention: Legal Department
7 Times Square
New York, New York 10036