Effective Date: May 25, 2018
- Your use of our website and mobile applications;
- Subscriptions to our newsletters and other marketing messages;
- Invitations to and participation in our webinars, seminars, and other events;
- Alumni communications and activities;
- Recruitment processes;
- Client and potential client matters;
- Procurement and potential procurement; and
- Our use of Personal Data related to the family members, next of kin, and/or dependents of our current and former employees and other BMF personnel in connection with the provision of benefits and similar services.
BMF AS DATA CONTROLLER:
“Bernie Mac Foundation” or “BMF” refers to one of the following entities: The Bernie Mac Foundation, Inc. (an “Entity”).
If no Entity has been clearly identified, the data controller or data controllers may be identified in the following order or precedence:
- For Personal Data that BMF collects on or through its websites and mobile applications, The Bernie Mac Foundation, Inc. is the data controller.
- For Personal Data that is collected in connection with our newsletters and other marketing message, the data controller is identified on the subscription form and in each message.
- For Personal Data collected in connection with invitations and participation in our webinars, seminars, and other events, the data controller will be the Entity which is organizing such event as identified in the invitation.
- For alumni communications and activities, the data controller is the Entity that is identified in the respective communication or in the context of the activity.
- For Personal Data collected in the context of a recruitment process, the data controller is the Entity identified in the job posting or otherwise seeking to source a position.
- For Personal Data that BMF collects pursuant to a client or contractor relationship, the BMF entity with which you have the client or contractor relationship is the data controller. Note that BMF is an independent data controller with regard to Personal Data we obtain through our client relationships; BMF will not be a data processor for our clients.
- For activities in the context of the procurement of products and services, the data controller will be the Entity identified in the order form, agreement, or similar document.
PERSONAL DATA WE PROCESS:
“Personal Data” refers to any information that relates to you directly or indirectly or any other “personal data” as defined in Article 4 point 1 of Regulation (EU) 2016/679 (General Data Protection Regulation) (“GDPR”). We process the following categories of Personal Data:
- Contact information, such as your name, home or business address, email address, and phone number, social media handles, and business contact information;
- Client information, which includes information provided or made available to us by or on behalf of our clients and information generated by us in the course of providing services to our clients;
- Technical information, such as data collected about your interaction with our websites, mobile applications, and email communications;
- Financial information, such as payment card and related information;
- Recruitment information, such as curriculum vitae/resume, work history, and qualifications;
- Identification or background information provided by you or collected by us or third parties as part of our recruitment, engagements, business analysis, client onboarding, regulatory compliance checks, and related processes;
- Family information, such as the demographic and contact information of your family members, dependents, next kin, and other persons related to potential and current BMF employees or other personnel; and
- Any other information that you provide us that can be used to identify you.
We collect Personal Data from:
- Direct interactions, such as when you enquire about our services, provide us your contact details, register for an event with us, provide us with information in connection with our services, participate in surveys or questionnaires, subscribe to newsletter and blog updates, post comments on our blogs, or in any way engage with us or our personnel;
- Cookies and automated technologies, such as when you interact with our website, mobile applications or click on links on our emails;
- Mobile applications, such as when you use mobile applications that we may offer as part of our services or at certain BMF events we host;
- Private third-party sources, such as when third parties, including other law firms, banks, or clients provide information to us;
- Through social media, such as if you link to social media platforms or use social media plug-ins, we may (depending on your user privacy settings on that social media platform) automatically receive information about you from that social media platform;
- Public sources, such as when we need to collect your Personal Data from publicly available sources including, government and law enforcement agencies, companies and land registries; and
- Security systems, such as when you visit our offices we may obtain closed circuit television (“CCTV”) footage and other information through electronic means such as security/swipe card records.
HOW WE USE YOUR PERSONAL DATA:
Personal Data we obtain through our provision of legal services:
We use Personal Data in the course of and in connection with the services we provide to our clients. The legal basis for processing such data will generally be our legitimate interest to provide legal services to our clients or to establish, exercise or defend legal claims of our clients (Article 6(1)(f) GDPR). We will process identification and background information as part of our business acceptance, finance, administration and marketing processes, including anti-money laundering, conflict, reputational and financial checks. We will also process Personal Data provided to us by or on behalf of our clients for the purposes of the work we do for them or on their behalf. Such data will be subject to our professional obligation of confidentiality (attorney-client privilege). Personal Data may be disclosed to third parties to the extent necessary in connection with that work.
We may also manage legal claims, subpoenas, and requests in connection with investigations and dispute-resolution processes (“Legal Claims”) for you, our clients, and other third parties who may be involved in the Legal Claims. We will process contact information and any other information that pertains to the Legal Claims. The legal basis of processing will be to fulfill our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims (Article 6(1)(c) GDPR).
Personal Data we obtain outside of our provision of legal services:
Below is a description of the Personal Data we collect outside of our provision of legal services, the likely source of the Personal Data, how we may use it, and for what purposes and pursuant to what legal basis.
We only process Special Categories of Personal Data if you give us your explicit consent, the processing is necessary to meet a legal or regulatory obligation, the processing is in connection with the establishment, exercise or defense of our or our client’s legal claims or is otherwise expressly permitted by the GDPR. Special Categories of Personal Data includes information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and data concerning health, sex life, and sexual orientation.
If we need to collect Personal Data by law or under the terms of an engagement or contract we have with you and you fail to provide us with the information when requested, subject to our regulatory ethics, we may not be able to continue the engagement or perform the contract we have, or are trying to enter into, with you. We will inform you of any mandatory Personal Data we require from you and the consequences if you fail to provide it.
HOW WE SHARE YOUR PERSONAL DATA:
We will share your Personal Data within the same BMF Entity, with other BMF Entities as may be required, with data processors, and with other controllers. We may also transfer your Personal Data outside of the EEA.
Recipients within the same BMF Entity:
Your Personal Data will be used by our partners, employees and other staff members for the purposes described above and for accounting, tax and other administrative purposes.
Recipients within other BMF Entities:
Your Personal Data will be used by our partners, employees, and other staff members for the purposes described above and for accounting, tax and other administrative purposes.
We engage other BMF Entities (in particular, The Bernie Mac Foundation, Inc. (US) for other Entities) as well as third-party service providers for the provision of services that help us in processing Personal Data and providing services to our clients. These will process your personal data as data processors solely on our behalf. The categories of such recipients include:
- Service providers for information technology and telecommunications (such as data centers, hosting providers, email service providers;
- Marketing service providers;
- Accounting service providers;
- Forensic service providers;
- Corporate services and litigation support providers;
- Trustee and nominee service providers;
- Expert witnesses;
- Incorporation service providers;
- Cyber security providers; and
- Business process outsourcing providers.
In addition, we may share your Personal Data with:
- Any party for whom your consent has been provided or other legal basis obtained, including companies we introduce you to or companies with whom you ask us to share your Personal Data;
- Third-party law firms that provide legal services necessary to accomplish the processing activities set forth above;
- Third parties, if necessary in relation to a merger, sale, acquisition, divesture, restructuring, reorganization, dissolution, bankruptcy, or other change of ownership or control (whether in whole or in part); and
International Transfer of Personal Data
Use of our Website:
This section only applies to the use of our website from the EEA.
Cookies and Other Data Collection Technology:
A “Cookie” is a small text file that is sent to or accessed from your web browser or your computer’s hard drive. A Cookie typically contains the name of the domain (internet location) from which the Cookie originated, the “lifetime” of the Cookie (when it expires), and a randomly generated unique number or other similar identifier. A Cookie may also contain information about your computer, such as user settings, browsing history and activities conducted while using our online services.
A “Web Beacon” (also called a “pixel tag” or “clear GIF”) is a piece of computer code that enables us to monitor user activity and website traffic.
We refer to Cookies, web beacons (also known as pixel tags and clear GIFs) and other similar technology as “Data Collection Technology.” To learn more about cookies and web beacons, visit www.allaboutcookies.org.
Data Collection Technology helps us improve your experience on our online services. For example, we use Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing Cookies on your device. The information that the Cookies collect, such as the number of visitors to the website, the pages visited and the length of time spent on the website, is aggregated. We also may use Data Collection Technology to collect information from the computer or device that you use to access our online services, such as your operating system type, browser type, domain and other system settings, as well as the language your system uses and the country and time zone in which your computer or device is located.
We generally use the following types of Data Collection Technologies, which may change from time to time:
Your Control of Cookies:
Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject Cookies or alert you when a Cookies is placed on your device. You may also be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. Although you are not required to accept Cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through our online services.
Our Policy on Do Not Track Signals:
Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. We follow the DNT signals we receive from your browsers.
LINKS TO THIRD-PARTY WEBSITES AND SERVICES:
We implement appropriate technical and organizational measures designed to ensure your Personal Data in protected from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations. For example:
- Limiting access of your Personal Data to authorized parties;
- Limiting our collection and use of your Personal Data to the extent necessary to provide you with our services;
- If we outsource processing of Personal Data to third parties, basing our selection on said third parties having adequate safeguards in place that meet our data protection and security standards, and regularly auditing their compliance with applicable data protection policies, laws and regulations;
- Having systems in place designed to ensure that we can restore the availability and access to Personal Data in the event of a physical or technical incident;
- Periodically inspecting, assessing, and evaluating the effectiveness of our technical and organizational measures designed to ensure the security of our processing; and
- Regularly training our personnel on data protection and cybersecurity.
RETENTION OF PERSONAL DATA:
We will keep your Personal Data for as long as necessary to fulfill the purposes we collected it for, including any legal, accounting or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, whether we can achieve those purposes through other means, and all applicable legal requirements.
Our services are not directed to or intended for use by minors. Consistent with the requirements of the US Children’s Online Privacy Protection Act, the GDPR, and all other applicable laws and regulations, if we learn that we have received information directly from a child under age 16 without his or her parent or legal guardian’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use our services. Subsequently, we will delete such information.
Under the GDPR, you have the following rights regarding your Personal Data that we process:
- Right to access to the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data has not been collected from you, any available information as to their source; (h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject (Article 15 of the GDPR). Please note that we may not be able to provide you with access to your Personal Data that we use in connection with providing legal services to a client that is not you due to laws concerning attorney-client privilege.
- Right to rectification of inaccurate personal data concerning you under as well as, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by means of providing a supplementary statement (Article 16 of the GDPR).
- Right to erasure (deletion) of personal data concerning you without undue delay where: (a) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw your consent and there are no other legal grounds for the processing; (c) you exercise your right to object (see below) and there are no compelling legitimate grounds for the processing; (d) the personal data have been unlawfully processed; or (e) the personal data have to be erased for compliance with a legal obligation applicable to us (Article 17 of the GDPR).
- Right to restriction of processing (i.e., data will be blocked from normal processing but not erased) where: (a) you contest the accuracy of the personal data, for a period enabling us to verify the accuracy; (b) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead; (c) we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims; (d) you exercise your right to object (see below) pending the verification whether our legitimate grounds override those of yours.
- Where processing is based on your consent, the right to withdraw consent at any time, without affecting the lawfulness of the processing prior to such withdrawal. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your Personal Data, in some limited circumstances, to the extent required or otherwise permitted by law, or in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
- Where processing is based on your consent, or on a contract, the right to data portability, i.e. the right to obtain a copy of the data concerning you in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from us.
- Right to object to the processing of personal data based on legitimate interests of us, other BMF Entities or any third-party under Article 21 of the GDPR based on your particular situation, provided that there are no compelling legitimate grounds for the processing that would override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Please note that if you decide to exercise some of your rights, we may be unable to perform the actions necessary to achieve the purposes set out above or you may not be able to use or take full advantage of the services and products we offer.
We must ensure that your Personal Data is accurate and up to date. Therefore, please advise us of any changes to your information by emailing us here.
SPECIAL NOTICE TO CALIFORNIA RESIDENTS:
California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of certain categories of Personal Data to third parties for those third parties’ direct marketing purposes. To make such a request, please contact us using the information in the section “Contact Us” below. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email or mailing addresses specified in this Section.
You always have the right to lodge a complaint with your local competent supervisory authority or any authority that applies to BMF.
In addition, you may contact our Privacy Officer using the contact information below:
By Mail: The Bernie Mac Foundation, Inc.
Attention: Privacy Officer
150 N. Michigan Ave.
Chicago, IL 60601
By Phone: +1 ______________________
By Email: ________________________
2. INFORMATION WE MAY COLLECT
When you use the Services, we may collect two types of information: Personal Information and Usage Data.
- Postal address
- Telephone number
- Email address
Personal Information does not include either (i) aggregated information to the extent that an individual’s identity cannot reasonably be derived from it, or (ii) publicly available information that has not been combined with non-public Personal Information.
We define “Usage Data” as information about an individual’s activity on or through the Services that, by itself, does not reasonably identify the individual, such as the following:
- Browser and operating system information
- Computer or device type
- Time spent navigating certain webpages or connected via mobile applications
- Information collected through Data Collection Technologies (as defined below)
Generally, we do not consider Usage Data as Personal Information, because Usage Data by itself usually does not identify an individual. However, in some jurisdictions, Usage Data may be considered Personal Information because it can be used to make inferences about you.
3. COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION
We collect, use and disclose Personal Information for all lawful purposes in the operation and conduct of our business.
How We May Collect Personal Information
We and our service providers may collect Personal Information through your use of the Services, such as when you register with us, participate in surveys and questionnaires, apply for employment, or subscribe to newsletters and blog updates. We also may collect the Personal Information that you publish or display on public areas of the Services, such as one of BMF’s blogs (collectively, “User Contributions”). Your User Contributions are made publicly available at your own risk. We do not control the actions of third parties that access your User Contributions.
Through Mobile Applications: We may offer mobile applications (“Apps”) as part of the Services or at certain BMF events that we host. When we offer Apps, we may collect information about your use of and interaction with the Apps, such as operating system type, browser type, domain and other system settings, search queries, the country and time zone in which the mobile device or tablet is located, metadata and other information associated with other files stored on your device. We also may collect information about the location of the mobile device or tablet used to access the Services (“Location Data”). Location Data includes: (i) the location of the mobile device or tablet derived from GPS or WiFi use, (ii) the IP address of the mobile device or tablet or internet service used to access the Services, and (iii) other information made available by a user or others that indicates the current or prior location of the user, such as geotag information in photographs. If you do not want us to collect Location Data from your device, please delete the App or disable the location settings on your device or tablet. Note, however, that disabling the location setting may affect your ability to access and use an App.
How We May Use Personal Information
- To confirm registrations, respond to your inquiries or fulfill your requests, such as to register you for a seminar or to email you materials you requested
- To send you information, such as legal updates and event announcements, that we think may interest you
- To allow you to send Services-related content through the Services
- If you contact us through the services, to keep a record of your contact information and correspondence to use when responding to you
- To notify you about important information regarding changes to our terms, conditions and policies
- To analyze use of the Services to help us detect problems, prevent fraud, identify usage trends and improve user experience
- If you apply for employment with us, to process your employment application and other related activities only
How We May Disclose Personal Information
We may disclosure your Personal Information as follows:
- With your consent. We may disclose your Personal Information to any party for whom your consent has been provided. For example, we may disclose your Personal Information to anyone to whom you send messages through the Services.
- To our service providers. We may disclose information with third-party service providers that support our operations, through services such as registering and hosting webcast and live events, and employee recruitment.
- In relation to a corporate transaction. We may disclose and transfer Personal Information if we are involved in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, or other change of ownership or control (whether in whole or in part).
4. COLLECTION, USE AND DISCLOSURE OF USAGE DATA
We collect, use and disclose Usage Data for all lawful purposes in the operation and conduct of our businesses.
How We May Collect Usage Data
When you use the Services, including Apps, we and our service providers may collect the Usage Data that is collected by most browsers or automatically through your device. When you download and use an App, we and our service providers may track and collect App data, including when you accessed our servers and what information and file have been downloaded. We also collect Usage Data through our use of Data Collection Technology. For more information about how we use Data Collection Technology, including cookies, please review Section 5 below.
How We May Use and Disclose Usage Data
We may use and disclose Usage Data for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat certain types of Usage Data as Personal Information under applicable law, we use and disclose it as described in Section 3 above.
In some instances, we may combine Usage Data with Personal Information (such as your device ID with your name). If we combine any Usage Data with Personal Information, the combined information will be treated by us as Personal Information as long as it is combined and can be used to identify you.
5. COOKIES AND OTHER DATA COLLECTION TECHNOLOGY
We refer to cookies, web beacons (also known as pixel tags and clear GIFs) and other similar technology as “Data Collection Technology.”
A cookie is a small text file that is sent to or accessed from your web browser or your computer’s hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the “lifetime” of the cookie (when it expires), and a randomly generated unique number or other similar identifier. A cookie may also contain information about your computer, such as user settings, browsing history and activities conducted while using the Services. A web beacon (also called a pixel tag or clear GIF) is a piece of computer code that enables us to monitor user activity and website traffic. To learn more about cookies and web beacons, visit www.allaboutcookies.org.
How We Use Data Collection Technology: Data Collection Technology helps us improve your experience of the Services. In particular, we use analytics cookies to compile statistics about the use of the Services, help us analyze technical and navigational information about the services, and detect and prevent fraud. We also may use Data Collection Technology to collect information from the computer or device that you use to access the Services, such as your operating system type, browser type, domain and other system settings, as well as the language your system uses and the country and time zone in which your computer or device is located.
Your Control of Cookies: Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or alert you when a cookie is placed on your computer or device. You may also be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. Although you are not required to accept cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through the Services.
Our Policy on Do Not Track Signals: Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain Personal Information about the browser’s user. We follow the DNT signals we receive from your browsers.
6. CHOICES AND ACCESS
Marketing Emails: If you do not wish to receive marketing-related emails from us, please click the unsubscribe link at the bottom of a marketing email, or email us at ___________________________.
Access Requests: You may request access to any of your Personal Information that you have previously provided to us through the Services. You may also request that we update, modify or delete your Personal Information that we have collected. Please contact us by email at email@example.com to exercise these rights.
Please note that we cannot remove or modify your Personal Information from the databases of third parties to which we have disclosed your information prior to your opt-out or access request. Please contact those third parties directly.
7. SPECIAL NOTICE TO CALIFORNIA RESIDENTS
California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of certain categories of Personal Information to third parties for those third parties’ direct marketing purposes. To make such a request, please contact us at firstname.lastname@example.org. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email or mailing addresses specified in this Section.
8. LINKS TO OTHER WEBSITES AND SERVICES
9. NOTICE TO INTERNATIONAL VISITORS
The Services are controlled and operated by us from the United States, and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than the United States. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers. By using the Services, you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have different data protection rules than those of your country.
We take reasonable precautions intended to help protect the Personal Information that we collect and store; however, no system or online transmission of data is completely secure. We cannot guarantee the security of information transmitted to or through the Services. Any transmission is at your own risk. Please use security measures to protect your Personal Information.
11. CHILDREN’S PRIVACY
The Services are not directed to or intended for use by minors. Consistent with the requirements of the US Children’s Online Privacy Protection Act, if we learn that we have received information directly from a child under age 13 without his or her parent or legal guardian’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services. Subsequently, we will make commercially reasonable efforts to delete such information.
12. QUESTIONS OR COMMENTS
By Mail: The Bernie Mac Foundation, Inc.
Attention: Privacy Officer
150 N. Michigan Ave.
Chicago, IL 60601