Effective Date: December 2020
Everest Group has a duty to protect your privacy, and we take that duty very seriously. This Privacy Notice explains who controls your personal information, what information we collect, why we collect and use it, who we share it with, and how we protect it, along with the tools you can use to manage your privacy. Any data and information that could be used (directly or indirectly) to identify you or another individual is referred to as “Information” in this Privacy Notice. In some countries, the use or storage of Information is called “processing”, and the word “use” includes all such “processing”. To receive this Privacy Notice en Francais, auf Deutsch, en Español, or in Italiano, go to everestgrp.com/privacy-notice/translations.
We do not use your Information to sell any third-party services or products. We don’t allow other companies to advertise on our websites, or to use the Information you provide to us to sell their products or services. We do not engage in automated decision-making or profiling that could affect you or your rights. We offer business and professional products and services that are not targeted to persons under the age of 18. If you are under the age of 18, we request that you not provide your Information to us.
If you have questions that are not answered in this Privacy Notice, you can contact us at [email protected] or by using the information in the “Contacting Everest Group” section at the end of this Privacy Notice.
Control of Your Information
We are a group of affiliated consulting and research companies that are jointly branded as Everest Group. Our companies work together in making decisions about how Information is collected and used, and we are joint controllers of your Information. Our parent company, Everest Global, Inc., d/b/a Everest Group, is located at 12770 Merit Drive, Suite 800, Dallas, Texas 75251, U.S.A. The other companies included in Everest Group are Everest Group Consulting Limited (United Kingdom), Everest Outsourcing Canada Co. (Canada), Everest Business Advisory India Private Limited (India) and Everest Group Consulting Czech Republic (Czech Republic).
Types of Information We Collect
The types of Information we collect depends on how you interact with Everest Group. If you only browse our webpages, we’ll have less Information about you than if you create an account, request publications, engage us for consulting or research services, buy our research materials, or otherwise use our products or services.
Information collected during website browsing
Information about website use
We collect various Information about your use of our website, including the following: your search history; products you view; purchase activity; what you clicked on and other uses of our features; the amount of time you spend looking at different parts of our websites; and inferences we draw about your preferences, such as a preference for information about a certain type of business.
Browser and Device Information
We collect some Information about the browser and device you use, including the following: browser type and settings; device type and settings; operating system; unique identifiers; version of the operating system or app you are using; IP address; crash reports; system activity; and the date and time you visited Everest Group’s websites.
Cookies and Related Information
Our website collects some types of cookies and related information, including the following: session cookies; persistent cookies; pixel tags and tracking pixels, information gathered by data analytics tools like Google Analytics; and identifiers. “Cookies” are bits of electronic data that can be transferred to your computer or other device to identify your browser. To get more information about cookies and how you can control them, click “cookie preferences” at the bottom of our home website, www.everestgrp.com.
Cookies from outside sources
We want you to be aware that, apart from what is collected by our website, there may be cookies or related trackers used by other companies that that collect Information about you while you visit our website or visit other websites. We have no control over these types of cookies or trackers, but most website browsers have options that can assist you in controlling these types of outside-source cookies.
When you visit our websites, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only used in a way that does not directly identify any individuals. We do not use Google Analytics to make any attempt to find out the identities of those visiting our website. If Google Analytics collects any data from our website that might indirectly allow identification (such as an IP address) it does not provide that data to us. Under its legal agreements, Google Analytics cannot use that kind of data or Information itself without our consent, which we do not grant.
We use another third-party analytics service, Marketo, to collect analytical data that helps our business function better and helps us better understand the needs and interests of our market, customers and potential customers. Marketo may access Information that does or could identify you. Under its legal agreements with us, however, it can only use such Information to provide services to Everest Group, as directed by Everest Group. We require Marketo to safeguard your Information to the same high level that we do.
Information collected if you use our products or services
Registering, creating an account or signing up for insights or newsletters
If you register, create an account, or sign up for insights or newsletters, we will collect all the Information you enter, which may include your name, email address, address, telephone number, company, language preference, country of residence and title. Once you have an account, you will be invited to provide other optional information, such as your areas of interest.
Engaging us for consulting or research services
If you or your company engage us for consulting or research services, or are considering a possible engagement, we will collect the Information relating to you and your co-workers that is needed to prepare for, discuss, and perform the services, including the names, titles, email addresses, telephone numbers, and work addresses for you and any other people we will need to contact in connection with the services. We will collect commercial Information, including Information about the services you have chosen, and any additional Information as needed for performance, invoicing, processing, and payment purposes.
Purchasing research materials
If you or your company purchase our research materials, or are considering a possible purchase, we will collect the Information relating to you and your co-workers that is needed to prepare for, discuss and fulfill the research materials orders including the applicable names, titles, email addresses, telephone numbers, and work addresses of you and any other people we will need to contact in connection with the purchase. We will collect commercial Information, including Information about the products you have chosen, and additional Information as needed for performance, fulfillment, invoicing, processing and payment purposes.
Follow up calls and emails; in person meetings
If you use our products or services (or may be considering using them), we may seek additional information via calls or emails. That information may include Information such as contact names, emails, and areas of interest. If you attend one of our presentations or meet us in person at conferences, we may collect Information from you in person. For example, you might give us a business card or share your name, phone number, or email address and ask us to contact you.
Collection of credit card information by third parties
Everest Group does not collect or retain credit card information, but there may be links on some of our webpages to companies that are not a part of Everest Group, who may collect credit card information. We do not receive copies of or have access to your credit card information. Any Information you provide in connection with credit card processing is governed by the credit card processors’ privacy policies and privacy notice, which we encourage you to read.
Links to and from social media and websites of other organizations
Our webpages may provide links to other organization’s websites, such as social media websites. You also may visit our webpage using links from such websites. This Privacy Notice does not apply to how those other organizations use Information. We encourage you to read the privacy notices and policies on the other websites you visit.
How and Why We Use Your Information
Below are the reasons we use your Information.
Providing, improving and marketing our services and products, performing contracts, and completing transactions
We use your Information to determine what products or services you or other customers may prefer and to deliver those products or services to you. This includes things like processing your account and information requests and preparing for and performing contracts. We also use your Information to improve our existing services and develop new ones. For example, we track how you use our websites and use that Information to troubleshoot issues and adjust things to improve your experience. We may use it to help market our goods or services to you, but we will not do so in a way that might impair your legitimate interests or fundamental rights.
Communicating with you
We use the contact Information you provide us, like your phone number and email address, to communicate with you about our services. This includes things like responding to comments, questions, and requests you send us. It also includes notifying you of transaction or service updates and changes.
Legal, safety and business continuity reasons
We may use your Information to protect your rights or safety, or the safety of others, and to comply with judicial or governmental subpoenas, warrants or orders. We also may use your Information to detect, investigate, and prevent fraudulent transactions and other illegal activities and to protect the rights and property of Everest Group, its customers, and others. And, we may store your Information to satisfy our disaster recovery and business continuity obligations.
Other uses of your Information
Occasionally, there may be a reason we’d like to use your Information in a way that isn’t described here. If so, we’ll let you know so that you can decide if you’re comfortable with it.
How We Share Your Information
We understand that sharing Information with third parties is a big responsibility. We’re committed to sharing Information only when needed for a legitimate business or legal purpose, and then only with recipients who will protect it.
No Third-Party Marketing
We do not share your Information with any third parties for purposes of direct marketing. We use your Information to help us market Everest Group products and services to you and other customers, but we do not use or share it for purposes of marketing the products or services of companies that are not part of Everest Group.
When Everest Group hires a service provider to help our business, we may need to give them access to Information to provide their service. We allow them to use the Information only to perform the service we’ve asked them to perform. We vet all service providers carefully, and Everest Group always remains responsible for the privacy of your Information that is shared with our service provider.
Legal and compliance transfers
When Everest Group needs to share data to satisfy a legal or regulatory requirement, including responding to a subpoena or other lawful government request for data, we will share Information only as necessary to comply with that requirement. We will tell you before sharing your Information in these situations unless we are prohibited from doing so or we don’t have the Information we need to contact you. We may also share Information if needed to enforce our legal rights, detect or prevent fraud or security concerns, and protect public safety. If Everest Group is involved in a merger, acquisition, or any form of transfer or sale of some or all of its business, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, we may share your Information in connection with that transaction.
Public and deidentified data
As part of our business research work, we may share Information that you have made public. For instance, we might quote a business statement that you have made at an industry conference. We may also share aggregated and/or deidentified information that cannot reasonably be used to identify you.
Sale of Information
Everest Group only uses your Information in connection with its own services and products. It does not sell your Information or permit third parties to use the Information you provide to us for their own purposes.
Chart of how we use and share Information
Below is summary chart of how we use and share Information. It uses categories found in the California Consumer Privacy Act (“CCPA”) and the European Union’s (EU) General Data Protection Regulation (GDPR), but it applies globally.
Use and Sharing of Information by Category
|Category and sources of Information||How we use it||Types of individuals affected||How we share it|
We collect this Information from our users, customers, and visitors to our websites. We also generate identifiers internally.
|To enable use of our sites, services, and products, to communicate with you, to understand how our users interact with our sites, and to improve our products and services||People who use our sites, create a user account, or send us an inquiry about our products or services||We share this data with our service providers as needed to operate our website and business, to market our products and services, to enhance customer interactions with us, and to improve our products, services|
Personal Information (per CCPA) and personal data (per GDPR)
We collect this Information from our users, customers, and visitors to our websites
|To enable use of our sites, services, and products, to communicate with you, to understand how our users interact with our sites, to negotiate and perform contracts, and to improve our products and services||People who create a user account, send us inquiries about or products or services from us, or obtain products or services from us||We share this data with our service providers as needed to operate our business and to improve our products and services|
|Protected classifications and Sensitive Data||We don’t collect this data||None||Not applicable|
We collect this Information from our customers, and generate it internally during transactions with our customers
|To transact with you if you use our services or products, to enable transactions you’ve requested, and to prepare for and perform contracts||People who purchase or are considering purchasing products or services from us||We share this data with our service providers as needed to assist in the consideration of our products or services, respond to customer inquiries, provide products and services, and negotiate and fulfill contracts for our products and services|
|Biometric Information||We don’t collect this data||None||Not applicable|
Electronic network activity information
We collect this information from our users and customers
|To enable use of our sites, services, and products, to communicate with you, to understand how our users interact with our sites, and to improve our offerings||People who use our sites||We share this data with our service providers as needed to operate our business and to sell or market our products and services|
|Geolocation data||We don’t collect this data||None||Not applicable|
Audio, electronic, visual, thermal, olfactory, or similar Information
We may collect audio and visual Information. We don’t collect thermal, olfactory or similar Information.
|We may record calls (with prior notice) to ensure accuracy. We may use photos (such as business card or website photos) to help identify customers or potential customers||People who participate in recorded calls, people who provide or post photos||We do not share this Information|
Professional or employment-related Information
We collect this Information from our customers and potential customers
|To provide, services or products requested, and to negotiate and perform contracts||People who use or request information about our products or services; contact us in a business-to-business context||We share this data with our service providers as needed for our business operations and to sell or market our products and services|
|Education Information||We don’t collect this data||None||Not applicable|
We may generate these internally
|To understand how our users, interact with our sites, to develop and offer more relevant and useful services and products, and to improve the products and services we offer||People who use (or inquire about) our sites, services or products||We don’t share|
Automated Decision Making and Profiling
We don’t engage in any automated decision-making or profiling that would affect you or your rights.
|We don’t engage in these practices||None||Not applicable|
Information about children
Our products and services are not marketed to or sold to children and we don’t knowingly collect or use Information about people under the age of 18
|If we inadvertently receive Information about people under the age of 18, we delete it immediately. We do not use such Information||None||We do not share|
How Long We Retain Your Information
We will only keep your Information for as long as it is needed for the legitimate business purposes for which we collected it, unless we are required by legal obligations to retain it longer. You can view our specific retention policies by requesting them at [email protected].
How We Protect Your Information
We protect your Information by following data protection principles and applicable data protection laws and by implementing reasonable and appropriate data security measures.
The data protection laws and principles we follow
Everest Group complies with all the data protections laws that are applicable to us, including GDPR and the CCPA. We also follow the data protection principles of lawfulness, fairness, transparency, purpose limitation, data minimization, data accuracy, storage limitation, security, and accountability. We only use your Information in ways that are lawful, fair and transparent. We only collect your Information for the legitimate reasons we have explained in this Privacy Notice, and we won’t use it for purposes inconsistent with those reasons. We will only collect the Information needed for those reasons, and we will promptly correct any inaccuracies in your Information. We won’t keep your Information longer than is needed for those purposes and we will take appropriate measures to keep your Information secure and confidential. We will be accountable and responsive if you make requests about your Information.
The data security measures we take
We take reasonable and appropriate measures designed to protect your Information and keep it confidential. These measures include antivirus and antimalware software, encryption in transit, physical security systems, and restricting access to those who have a need to know your Information. Our detailed Information Security Policy may be viewed by requesting it at [email protected]
Your Rights Under Data Protection Law
Under data protection law, you have rights that we need to make you aware of. Some rights are applicable to everyone, but whether you have other rights may depend where you live and the reasons that we have for using your Information. Residents of the European Union (EU), California, and Nevada have additional rights, which are listed separately below.
We will not discriminate against you for exercising any of your data protection rights. If you limit the use of your Information or close your account, however, we won’t be able to offer you any products or services that require us to use that Information.
Rights available to everyone
The rights listed in this section are available to you no matter where you live.
Your right to know about the Information we have collected
You have the right to know what types of Information we have collected, how we are using it, who we share it with, and how we collect it. We have tried to provide all the information in this Privacy Notice, but you can ask to confirm or explain our use of your Information.
Your right to withdraw consent
If you have consented to the use of your Information, you have the right to withdraw consent at any time. You also have the right to unsubscribe from our group marketing emails.
Your right to object to the use of your Information or to ask us to limit its use
You have the right to ask us to stop using your Information, in certain circumstances. You also have the right to ask us to stop using it in certain ways.
Your right to access your Information and have errors corrected
You have the right to access and review your Information and to ask us to correct any Information that you think is inaccurate. You also have the right to ask us to complete any Information you think is incomplete.
Your right to complain about any suspected breaches or misuse of your Information
You have the right to tell us that if you think we have allowed a breach or misuse of your Information, and we have a duty to promptly investigate your claim, take corrective action where possible, and report back to you what we have done.
Your right to a reasonable and timely response
You have a right to timely response when you make a data protection request. We always reply as promptly as we reasonably can. In the EU and the UK, we must respond within 30 days. For California residents, we must respond within 45 days. We may not be able to completely resolve your issues in those time frames, but if not, we will let you know the reasons.
Additional rights available to EU residents
If you are citizen or resident of the European Union, you have the additional rights listed below.
Your right to erasure
You have the right, in certain circumstances, to ask us to delete certain Information and to longer store or use it.
Your right to a portable copy of Information
You have a right to obtain an easily readable and transferable copy of the Information that you have provided to us pursuant to a consent or for performance of a contract, if we store it an automated format. You may request that we transfer this copy of your Information to you, or to someone else.
Additional rights available to California residents
If you are a California resident, then you have the additional rights listed below.
Your right to know what specific Information we have and to get a copy of it
In certain circumstances, you have the right to know what specific Information we have collected about you and to obtain copies of it or to allow an agent to obtain copies of it. We are not allowed to share your Information unless we receive sufficient verification that you or your authorized agent is the one requesting the Information.
Your right to erasure
You have the right, in certain circumstances, to ask us to delete certain Information and to longer store or use it.
Additional right available to Nevada consumers
All companies are required to give Nevada consumers a method to use to request that the company not sell their Information. We do not sell your Information. But, if you would like to submit a request that we not sell your information, you may do so by sending an email to [email protected] with the text or subject, “Do not sell my information.”
How to Exercise Your Data Protection Rights
You can exercise any of your data protection rights several ways. When a person makes a request to exercise his or her data protection rights, we refer to that request as a Data Subject Rights Request or “DSRR”.
Your Privacy Tools and Choices
Managing cookie preferences
Managing email preferences
If you have an account with Everest Group and are logged into it, you can select your email preferences through your account settings. You can select preferences to narrow the topics or range of emails you receive. You also can select “email opt out” to opt out of group emails and email subscriptions. Even if you unsubscribe from some email subscriptions, we may still need to email you with transactional or non-subscription information. For our group marketing emails, you can “unsubscribe” via a link at the bottom of the email.
Calls and texts
Some of our accounts and services allow you to provide your phone number to us. If you give us your number, we may call or text you, for example, to give you information about services or materials we are providing. We do not send automated “robo” calls or texts. We will contact you via phone or texts only in accordance with applicable legal requirements.
Everest Group’s offices and servers are located in multiple countries, and your Information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your Information is used, we apply the same protections described in this Privacy Notice.
If you are a resident of the EU, we need to meet special protection requirements if we transfer your Information from the EU to a location outside of the EU. We satisfy those requirements by having EU-approved contracts, called Standard Contractual Clauses, in place among all the Everest Group companies. These contracts legally require that we protect your Information to the standards set by the EU, even outside of the EU. If we transfer EU Information outside of the EU to a non-Everest Group location, we will enter into Standard Contractual Clauses with the recipient or else ensure that EU transfer requirements are met by other approved means.
Scope of this this Privacy Notice
This Privacy Notice only covers our websites. Our websites may link to other companies’ websites. Everest Group doesn’t control those external websites, and we recommend that you review their privacy policies. This Privacy Notice does not cover the Information used in connection with Everest Group employment, employment applications, recruitment and contractors. Those areas are covered by separate policies, which may be requested at [email protected].
Contacting Everest Group
If you have any questions about this Privacy Notice, or the privacy practices of Everest Group, you may contact us via email at [email protected], or via postal mail at the following address: Everest Group, 12770 Merit Drive, Suite 800, Dallas, TX, 75251, USA.
Our Data Protection Officer is Nancy Strehlow, and you can contact her at [email protected] or via the postal address above. You also can contact us to exercise your rights via the following link: everestgrp.com/privacy-notice/data-rights.
You have the right to lodge a complaint about the treatment of your Personal Information by contacting the data protection authorities in your home country or by contacting the U.K.’s Information Commissioners office at 0303 123 1113 or https://ico.org.uk/concerns.
Changes to this Privacy Notice
We are always reviewing our privacy practices to make sure they comply with this Privacy Notice. Sometimes, we may need to update the Privacy Notice to clarify information or reflect changes in our products, technology, or uses of Information. We will not change the Privacy Notice in a way that reduces your rights or significantly changes the way we use or share Information without notifying those who have shared their contact Information with us and giving them a chance to stop using our services if they so desire.