01. Who we are
BCG understands that your privacy is important.
- Data Protection Office
- The Boston Consulting Group Inc
- 200 Pier Four Boulevard Boston, MA 02210
05. The data we collect about you
We may collect, use, store and transfer the following personal data about you:
- Name, work (or personal) email address, IP address,
- Personal LinkedIN ID, LinkedIN First & Last Name, LinkedIN primary email address, LinkedIN profile picture
- User ID (auto generated by OKTA during account creation), Distinct ID (auto generated by MixPanel)
- Device information (Device ID, Device Name), Browser and OS information (Browser ID, Browser Name), User activity
- Communication preference, Interest preferences, Opt in / out settings Marketing segmentation and effectiveness (e.g. open rates, click thru rates, conversion rates, location, time, device identifiers, browser & OS information)
- Your company data incl. the name & social media links of company Investors and people who work at the company
We also collect, use and share aggregated data such as statistical data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate the data relating to details of your use of the Portal to calculate audience (e.g. typical time spent on site)
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
06. Authentication through Okta
In order to use our Portal, you will need to authenticate with the third-party provider Okta Inc. (301 Brannan St Ste 300, San Francisco, CA 94107) with your LinkedIn username and a personal password or may register manually. Your data will be processed and stored exclusively for the purpose of authentication and to provide the services of the Portal. After successful authentication you will receive personal access to our Portal. In case of authentication with LinkedIN, an Okta registration is not required
07. How your personal data is collected
We will collect and process the following data about you:
- Information you give us. This is information you consent to giving us about you by filling in forms on the Portal, or by corresponding with us (for example, by email or chat). It includes information you provide when you register to the Portal or when you report a problem with the Portal. If you contact us, we will keep a record of that correspondence.
- When you register to the waiting list. We may collect your personal data where you register only to join our waiting list and/or would like to request a demo before subscribing to the Portal
- Third party sources. We may also collect personal data about you from third parties, such as data brokers or aggregators, or from you as a company representative. This includes demographic, professional and other information that is publicly available online, including information you choose to make public through social media platforms and other public online forums. We may combine this data with existing information we have about you, for the purposes of you using the services (e.g. viewing FinTechs on the platform, showing investor information, showing employees of the company, showing diversity metrics of companies, etc. We will always seek to confirm that the third party has provided transparent information about its use of the data, including its disclosure to third parties like BCG, in compliance with applicable law.
08. How are Cookies used on this Portal
This Portal may request cookies to be set on your device. A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. We do link the information we store in cookies to your personal information – IP, email and name for the purposes of analytics, security monitoring (e.g. to catch multiple attempts for login via different IP addresses for the same user), tracking usage of the platform and users location.
09. Essential Cookies
These cookies are strictly necessary to provide you with services available through this Portal and to use some of its features please see the list below. The Portal gathers certain information automatically when a user interacts with the site and stores that information in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. These IP addresses are stored after you end your session. We use this information to: (i) remember cookie consent; (ii) administer the site; (iii) protect against spam enquires on forms; and (iv) maintain a user’s logged in state and move around the tool. We do link this automatically collected data to your personal information. Because these cookies are strictly necessary to deliver this Portal, you cannot refuse them without impacting how this Portal functions.
- Cookie Name: CookieScriptConsent
- Function: used to remember users consent and preferences to cookie use
- Expires: 1 month
- Type: Essential
- Cookie Name: _GRECAPTCH
- Function: set by Google reCAPTCHA to protect against spam enquires on contact forms
- Expires: 6 months
- Type: Essential
- Cookie Name: okta-oauth-nonce, okta-oauth-redirect-params, okta-oauth-stat
- Function: used to maintain users logged in state and move around the tool and use its features
- Expires: Session
- Type: Essential
10. Performance and Functionality Cookies
These cookies are used to (i) enhance the performance and functionality of this Portal; (ii) analyse trends; (iii) track users movements and clickstream events around the site; and (iv) gather demographic information about our user base as a whole but are non-essential to their use. However, without these cookies, certain functionality may become unavailable. A session cookie expires when you close your browser.
A persistent cookie remains on your hard drive for an extended period of time.
- Cookie Name: mp_*_mixpanel (note * replaced with unique id generated by MixPanel)
- Function: used for website behavioural analytics, tracking how users use the website, improving performance, experience & navigation of the website, A/B testing, understanding user needs for improvements / developing new services, using data to drive product roadmap development
- Expires: 1 year
- Type: Performance
11. How can I control cookies?
You can block or delete certain cookies by changing your browser settings, as described herein.
You can choose which cookies to accept from the Portal through a pop-up that presents itself when you first visit
You can amend these settings later through the link ‘Cookie Settings’ displayed on the footer (or left hand navigation if logged into the Portal). You may also choose to delete in browser, this changes per browser being used by you, please review your browser help settings to d
12. How we use your personal data
We will only use your personal data when the law allows us to do so. Most commonly we will use your personal data in the following circumstances:
- Where you have consented before the processing;
- Where we need to perform a contract we are about to enter or have entered with you (including where necessary to use the Portal);
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
- Where we need to comply with a legal or regulatory obligation.
13. Purposes for which we will use your personal data
We process your personal information for the purposes of safeguarding the legitimate interests pursued by BCG. This includes:
Creating an account, using the Portal and its services, accessing approved and/or subscribed parts of the Portal and services, authentication and validation of the users/details (e.g. email), pre-filling user profile details; communicating website and service announcements, features, best practices, getting started guides, hints and tips, how to get the best from the site and services, invitation to platform and beta features; communicating service and self-service related information e.g. planned/unplanned maintenance/downtime, updates to functionality that requires user action, password retrieval/reset, multi-factor authentication; providing troubleshooting and technical support; communicating marketing and promotional products and services and information that the user/prospect has expressed an interest and opted in, optimize marketing campaign effectiveness and content; tailoring and personalizing the website and its content, improving the website and service experience, conduct research to improve website conversion and interaction content, improving navigation, improving search results, recommending content based on industry/company/interest/location/searches, improving/understanding needs for existing service improvements/roadmaps, developing new services; protecting accounts from fraudulent activities or suspicious activity, including notification or an attempt to sign-in from unusual location and/or devices; protecting the safety and reliability of services, including detecting, preventing, and responding to fraud, abuse security risks or technical issues; creating and keeping up to date company, financing and people information, allowing self-verification and validating self-verified information provided; creating and sharing watchlists and other sharable functionality from the website and/or services; updating and overwriting of incorrect data from internal FCT teams (e.g., in the case of data conflict from multiple sources/in response to a Data Subject Request); making available company related information provided by you to the users of the site (e.g. company information, financial information, investors, senior leadership team members, funding information, use cases, value chain, people, business and product lines, etc.)
Insofar as you have granted us consent to the processing of personal information for specific purposes (including registration on the Portal), the lawfulness of such processing is based on your consent. You may withdraw your consent to the extent permitted by applicable law, by sending an email to: FCTDataSubjectRequest@bcg.com.
We will not sell, share, or rent or otherwise make available your personal information to other parties, except that we may disclose the information to third parties who perform services on our behalf and have a need to access the information in connection with those services. Any third parties will only process this information to the extent to which and within the limits that BCG itself is permitted to process that data.
14. Disclosures of your personal data
The third parties with whom we may need to share personal information to help us provide the Portal are: our subsidiaries or affiliates; our advisors; training vendors who need to access some of your data to enable you to have access to training content; third-parties for maintenance; our third-party service providers who process information on our behalf to help run some of our internal business operations including IT services and marketing services. In particular this will include third parties who provide the IT infrastructure and cloud storage capabilities to enable the Portal to function or any other third parties that we appoint to supersede such service providers; and law enforcement bodies in order to comply with any legal obligation or court order.
Because BCG is a global organization, we need to transfer personal information which is collected by the Portal across the BCG group of companies https://www.bcg.com/about/offices/default.aspx to help operate our business efficiently. This also includes third parties located in different countries around the world, including outside of the EEA. These arrangements may involve your personal information being located in various countries around the world e.g. USA where privacy laws differ. We only make these arrangements or transfers where we are satisfied that adequate levels of protection are in place to protect information held in that country. In addition, the Portal may be viewed and accessed anywhere in the world including countries that may not have laws regulating the use and transfer of personally identifiable information. By using the Portal or submitting personal information to BCG through other means you voluntarily consent to such international transfer and hosting of such information to those countries and parties.
15. Compliance with law
BCG complies with all applicable privacy laws and regulations. BCG may be compelled to surrender personal user or customer information to legal authorities if presented with a court subpoena or similar legal or administrative order, or as required or permitted by the laws, rules and regulations of any nation, state or other applicable jurisdiction. Also, in the event of a violation of the terms and conditions of use of the Portal or a violation of any restrictions on use of materials provided in or through the Portal, we may disclose personal user information to authorities.
16. Data security
All information you provide to us is stored on our secure servers operated by our third-party hosting providers, including Amazon Web Services. BCG has in place appropriate technological and operational security processes designed to protect personal data from loss, misuse, alteration or destruction. Only authorized employees and contractors will have access to any data provided by you, and that access is limited by need. Each employee or contractor having access to any personal data is obligated to maintain its confidentiality. Although we take steps that are generally accepted as industry standard to protect your personal data, BCG cannot guarantee that your personally-identifiable information will not become accessible to unauthorized persons and BCG cannot be responsible for any actions resulting from a breach of security when information is supplied over the internet or any public compute network. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
17. Data retention
BCG retains your personal information for so long as is necessary to fulfil the purpose for which it was collected. We may retain your personal information for longer if they may be the subject of a legal claim, or may otherwise be relevant for future litigation.
In some circumstances we will anonymise and/or aggregate your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
18. Your legal rights
In accordance with applicable data protection laws you have a right to request a copy of the personal information we hold about you and details of how we use that information. If any of the information held about you is incorrect or out of date, you have the right to amend or rectify it, please follow the process outlined below and we will amend our records where appropriate. You also have the right to require us to erase your personal data, stop processing your personal data, restricting the processing of your personal information, right of portability of your personal information and/or to withdraw your consent to processing. If you think we may have incorrect personal information, or would like a copy of the personal information we hold on you, or to exercise any other data protection right, please contact us at FCTDataSubjectRequest@bcg.com. Please note that we will need you to prove who you are before we can provide you with any information.
You also have a right to lodge a complaint with a relevant supervisory authority.