Trial Access

Privacy Policy

Privacy Policy

01. Who we are

This is the privacy policy for The Boston Consulting Group, Inc. and its affiliates (BCG or we). This privacy policy was last updated in January 2022. For more detail on BCG's international operations please see https://www.bcg.com/about/offices/default.aspx

02. Applicability of this Privacy Policy

This Privacy Policy applies only to your use of the FinTech Control Tower Portal (Portal) where access is granted to you as part of your subscription to the Portal, to provide you access to its tools and analytics that visualizes market intelligence, movements and trends across the FinTech, RegTech & InsurTech ecosystems.

03. Important information about this Privacy Policy

BCG understands that your privacy is important.

This privacy policy (together with our Terms of Use which you will also have been asked to agree to and any additional terms of use incorporated by reference into the Terms of Use) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This Portal is not intended for and does not intentionally target or solicit to children or anyone of 18 years of age and younger. Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

04. Changes to this Privacy Policy

Please note that BCG may, in its discretion, amend this privacy policy from time to time. To ensure you are able to remain informed about the information we collect and how we use it, material changes to our statement will be reflected here and we will notify you whenever we make a material change to this Privacy Policy. The Portal may contain links to external sites or services which are not governed by this privacy policy. BCG does not take responsibility for the privacy practices of any third party sites to which we link. We encourage you to review the privacy policies of any such sites before you submit information there.

Contact details:

05. The data we collect about you

We may collect, use, store and transfer the following personal data about you:

  • Name, work (or personal) email address, IP address,
  • Personal LinkedIN ID, LinkedIN First & Last Name, LinkedIN primary email address, LinkedIN profile picture
  • User ID (auto generated by OKTA during account creation), Distinct ID (auto generated by MixPanel)
  • Device information (Device ID, Device Name), Browser and OS information (Browser ID, Browser Name), User activity
  • Communication preference, Interest preferences, Opt in / out settings Marketing segmentation and effectiveness (e.g. open rates, click thru rates, conversion rates, location, time, device identifiers, browser & OS information)
  • Your company data incl. the name & social media links of company Investors and people who work at the company

We also collect, use and share aggregated data such as statistical data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate the data relating to details of your use of the Portal to calculate audience (e.g. typical time spent on site)

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

06. Authentication through Okta

In order to use our Portal, you will need to authenticate with the third-party provider Okta Inc. (301 Brannan St Ste 300, San Francisco, CA 94107) with your LinkedIn username and a personal password or may register manually. Your data will be processed and stored exclusively for the purpose of authentication and to provide the services of the Portal. After successful authentication you will receive personal access to our Portal. In case of authentication with LinkedIN, an Okta registration is not required

07. How your personal data is collected

We will collect and process the following data about you:

  • Information you give us. This is information you consent to giving us about you by filling in forms on the Portal, or by corresponding with us (for example, by email or chat). It includes information you provide when you register to the Portal or when you report a problem with the Portal. If you contact us, we will keep a record of that correspondence.
  • When you register to the waiting list. We may collect your personal data where you register only to join our waiting list and/or would like to request a demo before subscribing to the Portal
  • Information we collect through Social Network. The Portal may allow you to sign into and associate your LinkedIn account with this Portal. The Site allows you to log in to the Portal account using your LinkedIn account credentials. By logging in to your Portal account using your LinkedIn account credentials, you give us permission to access information that you have made available in your public LinkedIn profile and your phone number may also be asked for authentication. The information available in your public profile varies based on your settings, but may include your email address, real name, profile picture, gender, and location. We use the information we receive from your LinkedIn account in accordance with LinkedIn’s terms of use and this Privacy Policy. Please refer to the privacy settings in your LinkedIn account for information about what data is shared with us and other connected applications and to manage the data that is shared through your account, including information about your activities using our Portal or by sending an email to: FCTDataSubjectRequest@bcg.com
  • Third party sources. We may also collect personal data about you from third parties, such as data brokers or aggregators, or from you as a company representative. This includes demographic, professional and other information that is publicly available online, including information you choose to make public through social media platforms and other public online forums. We may combine this data with existing information we have about you, for the purposes of you using the services (e.g. viewing FinTechs on the platform, showing investor information, showing employees of the company, showing diversity metrics of companies, etc. We will always seek to confirm that the third party has provided transparent information about its use of the data, including its disclosure to third parties like BCG, in compliance with applicable law.

08. How are Cookies used on this Portal

This Portal may request cookies to be set on your device. A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We do link the information we store in cookies to your personal information – IP, email and name for the purposes of analytics, security monitoring (e.g. to catch multiple attempts for login via different IP addresses for the same user), tracking usage of the platform and users location.

We use both session cookies and persistent cookies and we use cookies to let us know when you visit this Portal site and how you interact with us, to enrich your user experience, and to personalize your experience with this Portal. You can change your cookie preferences by selecting to turn certain cookies off. Please note that blocking some types of cookies may impact your experience on this Portal and the services we are able to offer.

09. Essential Cookies

These cookies are strictly necessary to provide you with services available through this Portal and to use some of its features please see the list below. The Portal gathers certain information automatically when a user interacts with the site and stores that information in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. These IP addresses are stored after you end your session. We use this information to: (i) remember cookie consent; (ii) administer the site; (iii) protect against spam enquires on forms; and (iv) maintain a user’s logged in state and move around the tool. We do link this automatically collected data to your personal information. Because these cookies are strictly necessary to deliver this Portal, you cannot refuse them without impacting how this Portal functions.

Cookie-Script:

  • Cookie Name: CookieScriptConsent
  • Function: used to remember users consent and preferences to cookie use
  • Expires: 1 month
  • Type: Essential

Google reCAPTCHA:

  • Cookie Name: _GRECAPTCH
  • Function: set by Google reCAPTCHA to protect against spam enquires on contact forms
  • Expires: 6 months
  • Type: Essential

OKTA:

  • Cookie Name: okta-oauth-nonce, okta-oauth-redirect-params, okta-oauth-stat
  • Function: used to maintain users logged in state and move around the tool and use its features
  • Expires: Session
  • Type: Essential

10. Performance and Functionality Cookies

These cookies are used to (i) enhance the performance and functionality of this Portal; (ii) analyse trends; (iii) track users movements and clickstream events around the site; and (iv) gather demographic information about our user base as a whole but are non-essential to their use. However, without these cookies, certain functionality may become unavailable. A session cookie expires when you close your browser.

A persistent cookie remains on your hard drive for an extended period of time.

MixPanel:

  • Cookie Name: mp_*_mixpanel (note * replaced with unique id generated by MixPanel)
  • Function: used for website behavioural analytics, tracking how users use the website, improving performance, experience & navigation of the website, A/B testing, understanding user needs for improvements / developing new services, using data to drive product roadmap development
  • Expires: 1 year
  • Type: Performance

11. How can I control cookies?

You can block or delete certain cookies by changing your browser settings, as described herein.

You can choose which cookies to accept from the Portal through a pop-up that presents itself when you first visit

You can amend these settings later through the link ‘Cookie Settings’ displayed on the footer (or left hand navigation if logged into the Portal). You may also choose to delete in browser, this changes per browser being used by you, please review your browser help settings to d

12. How we use your personal data

We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances:

  • Where you have consented before the processing;
  • Where we need to perform a contract we are about to enter or have entered with you (including where necessary to use the Portal);
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
  • Where we need to comply with a legal or regulatory obligation.

13. Purposes for which we will use your personal data

We process your personal information for the purposes of safeguarding the legitimate interests pursued by BCG. This includes:

Creating an account, using the Portal and its services, accessing approved and/or subscribed parts of the Portal and services, authentication and validation of the users/details (e.g. email), pre-filling user profile details; communicating website and service announcements, features, best practices, getting started guides, hints and tips, how to get the best from the site and services, invitation to platform and beta features; communicating service and self-service related information e.g. planned/unplanned maintenance/downtime, updates to functionality that requires user action, password retrieval/reset, multi-factor authentication; providing troubleshooting and technical support; communicating marketing and promotional products and services and information that the user/prospect has expressed an interest and opted in, optimize marketing campaign effectiveness and content; tailoring and personalizing the website and its content, improving the website and service experience, conduct research to improve website conversion and interaction content, improving navigation, improving search results, recommending content based on industry/company/interest/location/searches, improving/understanding needs for existing service improvements/roadmaps, developing new services; protecting accounts from fraudulent activities or suspicious activity, including notification or an attempt to sign-in from unusual location and/or devices; protecting the safety and reliability of services, including detecting, preventing, and responding to fraud, abuse security risks or technical issues; creating and keeping up to date company, financing and people information, allowing self-verification and validating self-verified information provided; creating and sharing watchlists and other sharable functionality from the website and/or services; updating and overwriting of incorrect data from internal FCT teams (e.g., in the case of data conflict from multiple sources/in response to a Data Subject Request); making available company related information provided by you to the users of the site (e.g. company information, financial information, investors, senior leadership team members, funding information, use cases, value chain, people, business and product lines, etc.)

Insofar as you have granted us consent to the processing of personal information for specific purposes (including registration on the Portal), the lawfulness of such processing is based on your consent. You may withdraw your consent to the extent permitted by applicable law, by sending an email to: FCTDataSubjectRequest@bcg.com.

We will not sell, share, or rent or otherwise make available your personal information to other parties, except that we may disclose the information to third parties who perform services on our behalf and have a need to access the information in connection with those services. Any third parties will only process this information to the extent to which and within the limits that BCG itself is permitted to process that data.

14. Disclosures of your personal data

The third parties with whom we may need to share personal information to help us provide the Portal are: our subsidiaries or affiliates; our advisors; training vendors who need to access some of your data to enable you to have access to training content; third-parties for maintenance; our third-party service providers who process information on our behalf to help run some of our internal business operations including IT services and marketing services. In particular this will include third parties who provide the IT infrastructure and cloud storage capabilities to enable the Portal to function or any other third parties that we appoint to supersede such service providers; and law enforcement bodies in order to comply with any legal obligation or court order.

Because BCG is a global organization, we need to transfer personal information which is collected by the Portal across the BCG group of companies https://www.bcg.com/about/offices/default.aspx to help operate our business efficiently. This also includes third parties located in different countries around the world, including outside of the EEA. These arrangements may involve your personal information being located in various countries around the world e.g. USA where privacy laws differ. We only make these arrangements or transfers where we are satisfied that adequate levels of protection are in place to protect information held in that country. In addition, the Portal may be viewed and accessed anywhere in the world including countries that may not have laws regulating the use and transfer of personally identifiable information. By using the Portal or submitting personal information to BCG through other means you voluntarily consent to such international transfer and hosting of such information to those countries and parties.

15. Compliance with law

BCG complies with all applicable privacy laws and regulations. BCG may be compelled to surrender personal user or customer information to legal authorities if presented with a court subpoena or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state or other applicable jurisdiction. Also, in the event of a violation of the terms and conditions of use of the Portal or a violation of any restrictions on use of materials provided in or through the Portal, we may disclose personal user information to authorities.

16. Data security

All information you provide to us is stored on our secure servers operated by our third-party hosting providers, including Amazon Web Services. BCG has in place appropriate technological and operational security processes designed to protect personal data from loss, misuse, alteration or destruction. Only authorized employees and contractors will have access to any data provided by you, and that access is limited by need. Each employee or contractor having access to any personal data is obligated to maintain its confidentiality. Although we take steps that are generally accepted as industry standard to protect your personal data, BCG cannot guarantee that your personally-identifiable information will not become accessible to unauthorized persons and BCG cannot be responsible for any actions resulting from a breach of security when information is supplied over the internet or any public compute network. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.

17. Data retention

BCG retains your personal information for so long as is necessary to fulfil the purpose for which it was collected. We may retain your personal information for longer if they may be the subject of a legal claim, or may otherwise be relevant for future litigation.

In some circumstances we will anonymise and/or aggregate your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

18. Your legal rights

In accordance with applicable data protection laws you have a right to request a copy of the personal information we hold about you and details of how we use that information. If any of the information held about you is incorrect or out of date, you have the right to amend or rectify it, please follow the process outlined below and we will amend our records where appropriate. You also have the right to require us to erase your personal data, stop processing your personal data, restricting the processing of your personal information, right of portability of your personal information and/or to withdraw your consent to processing. If you think we may have incorrect personal information, or would like a copy of the personal information we hold on you, or to exercise any other data protection right, please contact us at FCTDataSubjectRequest@bcg.com. Please note that we will need you to prove who you are before we can provide you with any information.

You also have a right to lodge a complaint with a relevant supervisory authority.

See us in action!

Our powerful, global FinTech platform draws on proprietary data tools, the latest market intelligence, and BCG’s expertise to help clients uncover opportunities and execute on their FinTech agenda

Request a demo

Claim Your Profile

Join Our Waitlist