Cambridge Partners & Associates, Inc. (“Cambridge Partners”) developed this Privacy Statement to provide information about our practices regarding the collection, use, and disclosure of information that may be provided to us. This privacy statement applies to information provided by the individual, or which is regarding the individual and provided by associates or affiliates of Cambridge Partners. The privacy principles for Cambridge Partners in this Policy are based on the Safe Harbor Principles (http://export.gov/safeharbor). When Cambridge Partners receives personal information from its subsidiaries, affiliates or other entities in the EU/EEA, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates. There are several ways that Cambridge Partners could receive data – either Cambridge Partners collects it directly or it is provided to us, as a third party, by an affiliate or subsidiary. In the event that we receive data as a third party, it is the responsibility of the sending party to be compliant with Safe Harbor principles. It is Cambridge Partners’ goal to work with reputable companies that have similar privacy policies.
If Cambridge Partners is the original collector of information from individuals in the EU/EEA, it will inform them about the purposes for which it collects and uses their personal information, the types of non-agent third parties to which Cambridge Partners discloses that information, the choices and means, if any, Cambridge Partners offers individuals for limiting the use and disclosure of personal information about them, and how to contact Cambridge Partners. (See the DISPUTE RESOLUTION section.) Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information to Cambridge Partners, or as soon as possible thereafter, and in any event before Cambridge Partners uses or discloses the information for a purpose other than that for which it was originally collected.
In the event that the information is collected by another entity, that entity is responsible for complying with the Safe Harbor Principles.
If Cambridge Partners is the original collector of information from individuals in the EU/EEA, Cambridge Partners will offer individuals the opportunity to choose (opt-out) whether their personal information is to be disclosed to a non-agent third party or to be used for a purpose other than that for which it was originally collected or subsequently authorized by the individual.
For sensitive personal information, Cambridge Partners will give individuals the opportunity to affirmatively and explicitly (opt-in) consent to the disclosure of the information to a non-agent third party and/or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
In the event that the information is collected by another entity, that entity is responsible for offering the individual reasonable mechanisms for exercising their choices.
TRANSFERS TO THIRD PARTIES (AGENTS)
If Cambridge Partners is the original collector of information from individuals in the EU/EEA, Cambridge Partners will obtain assurances from its agents when transferring information to them that they will safeguard personal information consistent with this Policy.
In the event that the information is collected by another entity and they have requested that we transfer the data to another third party (agent), that entity is responsible for complying with the Safe Harbor Principles that assure the compliance of the agent to whom Cambridge Partners is transferring data.
The Examples of appropriate assurances that may be provided to Cambridge Partners by agents include the following: a contract obligating the agent to provide at least the same level of protection as is required by the relevant Safe Harbor Principles, being subject to EU Directive 95/46/EC (the EU Data Protection Directive), being subject to Swiss Federal Act on Data Protection, Safe Harbor certification by the agent, or being subject to another European Commission or Swiss FDPIC adequacy finding (e.g., companies located in Canada). Where Cambridge Partners has knowledge that an agent is using or disclosing personal information in a manner contrary to this Policy, Cambridge Partners will take reasonable steps to prevent or stop the use or disclosure.
Cambridge Partners reserves the right to use or disclose information provided if required by law or if Cambridge Partners reasonably believes that use of disclosure is necessary to protect their rights and/or to comply with a judicial proceeding, court order, or legal process.
ACCESS AND CORRECTION
Upon request, Cambridge Partners will grant individuals reasonable access to personal information that it holds about them. In addition, Cambridge Partners will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate or incomplete. For security reasons, Cambridge Partners will take steps to authenticate the individual’s identity before providing them with access to Personal Information.
In the event that the information is collected by another entity, that entity will be responsible for working with the individual to correct or delete their personal information.
Cambridge Partners will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Cambridge Partners will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. Cambridge Partners will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
Cambridge Partners will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that Cambridge Partners determines is in violation of this policy will be subject to disciplinary action up to and including termination of employment.
As part of our participation in Safe Harbor, we provide the following dispute resolution procedures:
If Cambridge Partners is the original collector of information from individuals in the EU/EEA, any questions or concerns regarding the use or disclosure of this personal information should be directed to the Cambridge Partners’ Privacy Office at the address given below. Cambridge Partners will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information by reference to the principles contained in this Policy.
Cambridge Partners & Associates, Inc.
500 N. Plum Grove Ave. Palatine, IL 60067
For complaints that cannot be resolved between Cambridge Partners and the complainant, Cambridge Partners will participate in the following dispute resolution procedure in the investigation and resolution of complaints to resolve disputes pursuant to the Safe Harbor Principles:
For disputes involving personal information received by Cambridge Partners from the EU/EEA, Cambridge Partners has agreed to TRUSTe dispute resolution. Individuals who submit a question or concern to Cambridge Partners and who do not receive acknowledgment from Cambridge Partners regarding the inquiry or who think their question or concern has not been satisfactorily addressed should then contact the TRUSTe Safe Harbor Dispute Resolution Program online, by mail or by fax as listed below. Inquiries by mail or fax should identify Cambridge Partners as the company to which a concern or question has been submitted, and include a description of the privacy concern, the name of the individual submitting the inquiry, and whether TRUSTe may share the details of the inquiry with Cambridge Partners. TRUSTe will act as a liaison to Cambridge Partners to resolve these disputes. The TRUSTe dispute resolution process shall be conducted in English.
Mail: Watchdog Complaints
835 Market St, Ste 800
San Francisco, CA, USA 94103
If you are mailing or faxing TRUSTe to lodge a complaint, you must include the following information:
- The name of the company
- The alleged privacy violation
- Your contact information
- Whether you would like the details of your complaint shared with the company
In the event that the information is collected by another entity, that entity will be responsible for working with the individual to resolve any concerns or questions.
This Notice is effective as of February 1, 2015.