Effective Date: April 2023
This Privacy Notice explains who controls your personal information, what information we collect, why we collect and use it, who we share it with, and how we protect it, along with the tools you can use to manage your privacy. Any data and information that can be used (directly or indirectly) to identify you or another individual is referred to as “Information” in this Privacy Notice. In some countries, the use or storage of Information is called “processing,” and the word “use” includes all such “processing.”
We offer business and professional products and services that are not targeted to persons under the age of 18. If you are under the age of 18, we request that you not provide your information to us.
If you have questions that are not answered in this Privacy Notice, you can contact us at [email protected] or by using the information in the “Contacting Everest Group” section at the end of this Privacy Notice.
In this Privacy Notice, “Everest Group,” “our,” “we,” or “us” refers to a group of affiliated research companies that are jointly branded as Everest Group. In this Privacy Notice, “you,” “your,” or “data subject” refers to individuals whose Information is being processed by Everest Group. Our companies work together in making decisions about how information is collected and used, and we are joint controllers of your information. Our parent company, Everest Global, Inc., d/b/a Everest Group, is located at 12770 Merit Drive, Suite 800, Dallas, Texas 75251, US. The other companies included in Everest Group are Everest Group Consulting Limited (United Kingdom), Everest Outsourcing Canada Co. (Canada), Everest Business Advisory India Private Limited (India) and Everest Group Limited Czech Republic s.r.o. (Czech Republic).
Everest Group collects personal data during its business activities, including in connection with some client services. We directly collect your information from you when you:
Everest Group may also collect personal data about you from:
The types of Information we collect depends on how you interact with Everest Group. If you only browse our webpages, we will have less Information about you than if you create an account, request publications, engage us for research services, buy our research materials, or otherwise use our products or services.
4.1 Information collected during website browsing
(i) Information about website use
We collect various types of information about your use of our website, including your search history, products you view, purchase activity, what you clicked on and other uses of our features, the amount of time you spend looking at different parts of our website, and inferences we draw about your preferences, such as a preference for information about a certain type of business.
(ii) Browser and device information
We collect some information about the browser and device you use, including the browser type and settings, device type and settings, operating system, unique identifiers, version of the operating system or app you are using, IP address, crash reports, system activity, and the date and time you visited Everest Group’s websites.
(iii) Cookies and related information
Our website creates and collects some types of cookies and related information, including session cookies, persistent cookies, pixel tags and tracking pixels, information gathered by data analytics tools such as Google Analytics, and identifiers. Cookies are bits of electronic data that can be transferred to your computer or any other device to identify your browser. To get more information about cookies and how you can control them, click on the cookie preferences icon at the bottom left corner of our website, www.everestgrp.com.
(iv) Cookies from outside sources
We want you to be aware that, apart from what is collected by our website, there may be cookies or related trackers used by other companies that collect information about you while you visit our website or other websites. We have no control over these types of cookies or trackers, but most website browsers have options that can assist you in controlling these types of outside-source cookies.
When you visit our websites, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to various parts of the site. This information is only used in a way that does not directly identify any individual. We do not use Google Analytics to make any attempt to find out the identities of those visiting our website. If Google Analytics collects any data from our website that might indirectly allow identification (such as an IP address), it does not provide that data to us. Under its legal agreements, Google Analytics cannot use that kind of data or information itself without our consent, which we do not grant.
We use another third-party analytics service, Marketo, to collect analytical data that helps our business function better and helps us better understand the needs and interests of our market, customers, and potential customers. Marketo may access information that does or could identify you. Under its legal agreements with us, however, it can only use such information to provide services to Everest Group, as directed by Everest Group. We require Marketo to safeguard your information to the same high level that we do.
4.2 Information collected if you use our products or services
(i) Registering, creating an account, or signing up for insights or newsletters
If you register, create an account, or sign up for insights or newsletters, we will collect all the information you enter, which may include your name, email address, address, telephone number, company, language preference, country of residence, and job title. Once you have an account, you will be invited to provide other optional information, such as your areas of interest.
(ii) Engaging us for research services
If you or your company engage us for research services, or are considering a possible engagement, we will collect the information relating to you and your co-workers that is needed to prepare for, discuss, and perform the services, including the names, titles, email addresses, telephone numbers, and work addresses of you and any other people we will need to contact in connection with the services. We will collect commercial information, including information about the services you have chosen, and any additional information as needed for performance, invoicing, processing, and payment purposes.
(iii) Purchasing research materials
If you or your company purchase our research materials, or are considering a possible purchase, we will collect the information relating to you and your co-workers that is needed to prepare for, discuss, and fulfill the research materials’ orders, including the applicable names, titles, email addresses, telephone numbers, and work addresses of you and any other people we will need to contact in connection with the purchase. We will collect commercial information, including information about the products you have chosen and additional information as needed for performance, fulfillment, invoicing, processing, and payment purposes.
(iv) Follow-up calls and emails, and in-person meetings
If you use our products or services (or may be considering using them), we may seek additional information via calls or emails. That information may include contact names, emails, and areas of interest. If you attend one of our presentations or meet us in person at conferences, we may collect information from you. For example, you might give us a business card or share your name, phone number, or email address and ask us to contact you.
(v) Collection of payment card information by third parties
Everest Group will collect or retain your payment card on our system where you choose to pay for any of our products and services using your payment card. We use this personal data to process your payment and to prevent fraudulent transactions. Any information you provide in connection with payment card processing is governed by the payment card processors’ privacy policies and privacy notice, which we encourage you to read. We do this based on your consent to process this information.
(vi) Links to and from social media and websites of other organizations
Our webpages may provide links to other organizations’ websites, such as social media websites. You also may visit our webpage using links from such websites. This Privacy Notice does not apply to how those other organizations use information. We encourage you to read the privacy notices and policies on the other websites you visit.
We use your information for the following reasons/purposes:
(i) Providing, improving, and marketing our services and products, performing contracts, and completing transactions
We use your information to determine what products or services you or other customers may prefer and to deliver those products or services to you. This includes things such as processing your account and information requests and preparing for and performing contracts. We also use your information to improve our existing services and develop new ones. For example, we track how you use our websites and use that information to troubleshoot issues and adjust things to improve your experience. We may use it to help market our goods or services to you, but we will not do so in a way that might impair your legitimate interests or fundamental rights.
(ii) Communicating with you
We use the contact information you provide us, such as your phone number and email address, to communicate with you about our services. This includes things like responding to comments, questions, and requests you send us. It also includes notifying you of any transaction or service updates and changes.
(iv) Legal, safety, and business continuity reasons
We may use your information to protect your rights or safety, or the safety of others, and to comply with judicial or governmental subpoenas, warrants, or orders. We may also use your information to detect, investigate, and prevent fraudulent transactions and other illegal activities and to protect the rights and property of Everest Group, its customers, and others. Further, we may store your information to satisfy our disaster recovery and business continuity obligations.
(v) Other uses of your information
Occasionally, there may be a reason we would like to use your information in a way that is not described here.
We understand that sharing information with third parties is a big responsibility. We are committed to sharing information only when needed for a legitimate business or legal purpose and then only with recipients who will protect it.
(i) Service providers
When Everest Group hires a service provider to help our business, we may need to give them access to information to provide their service. We allow them to use the information only to perform the service we have asked them to perform. We vet all service providers carefully.
(ii) Legal and compliance transfers
When Everest Group needs to share data to satisfy a legal or regulatory requirement, including responding to a subpoena or other lawful government request for data, we will share information only as necessary to comply with that requirement. We will notify you before sharing your information in these situations unless we are prohibited from doing so or do not have the information we need to contact you. We may also share information if needed to enforce our legal rights, detect or prevent fraud or security concerns, and protect public safety. If Everest Group is involved in a merger, acquisition, or any form of transfer or sale of some or all of its business, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, we may share your information in connection with that transaction.
(iii) Public and de-identified data
As part of our business research work, we may share information that you have made public. For instance, we might quote a business statement that you have made at an industry conference. We may also share aggregated and/or deidentified information that cannot reasonably be used to identify you.
A chart on how we use and share information
Below is summary chart on how we use and share information. The chart uses categories found in the California Consumer Privacy Act (CCPA) and the European Union’s (EU’s) General Data Protection Regulation (GDPR), but it applies globally.
We only keep your information for as long as it is needed for the legitimate business purposes for which we collect it, unless we are required by legal obligations to retain it for a longer period. For meeting our professional and legal requirements; establishing, exercising, or defending our legal rights; and for archiving and historical purposes we need to retain information for significant periods of time. You can view our specific retention policies by requesting them at [email protected].
We protect your information by following data protection principles and applicable data protection laws and implementing reasonable and appropriate data security measures.
8.1 The data protection laws and principles we follow
Everest Group complies with all the data protections laws that are applicable to us, including GDPR and the CCPA. We also follow the data protection principles of lawfulness, fairness, transparency, purpose limitation, data minimization, data accuracy, storage limitation, security, and accountability. We only use your Information in ways that are lawful, fair, and transparent. We only collect your information for the legitimate reasons we have explained in this Privacy Notice, and we will not use it for purposes inconsistent with those reasons. We will only collect the information needed for those reasons, and we will promptly correct any inaccuracies in your information. We will not keep your information longer than is needed for those purposes, and we will take appropriate measures to keep your information secure and confidential. We will be accountable and responsive if you make requests about your information.
8.2 The data security measures we take
We take reasonable and appropriate measures designed to protect your information and keep it confidential. These measures include antivirus and antimalware software, encryption in transit, physical security systems, and restriction of access to those who have a need to know your information. Our detailed Information Security Policy may be viewed by requesting it at [email protected]
Under data protection laws, you have certain rights that we are obligated to inform you about. Some rights are applicable to everyone; other rights may depend on where you live and the reasons we have for using your information. Residents of the EU, California, and Nevada have additional rights, which are listed separately below.
We will not discriminate against you for exercising any of your data protection rights. However, if you limit the use of your information or close your account, we will not be able to offer you any products or services that require us to use that information.
9.1 Rights available to everyone
The rights listed in this section are available to you no matter where you live.
(i) Your right to know about the information that we have collected
You have the right to know what types of information we have collected, how we are using it, who we share it with, and how we collect it. We have tried to provide all the information in this Privacy Notice, but you can ask to confirm or explain our use of your information.
(ii) Your right to withdraw consent
If you have consented to the use of your information, you have the right to withdraw consent to use of your information at any time. You also have the right to unsubscribe from our group marketing emails.
(iii) Your right to object to the use of your information or to ask us to limit its use
You have the right to ask us to stop using your information in certain circumstances. You also have the right to ask us to stop using it in certain ways.
(iv) Your right to access your information and have errors corrected
You have the right to access and review your information and ask us to correct any information about you that you think is inaccurate. You also have the right to ask us to complete any information about you that you consider incomplete.
(v) Your right to complain about any suspected breach or misuse of your information
You have the right to notify us if you think we have allowed a breach or misuse of your information, and we have a duty to promptly investigate your claim, take corrective action where possible, and report to you what we have done.
(vi) Your right to a reasonable and timely response
You have the right to a timely response when you make a data protection request. We always reply as promptly as we reasonably can. In the EU and the UK, we must respond within 30 days. For California residents, we must respond within 45 days. We may not be able to completely resolve your issues in those time frames, but, if not, we will let you know the reasons.
9.2 Additional rights available to EU residents
If you are a citizen or resident of the EU, you have additional rights, as listed below.
(i) Your right to erasure
You have the right, in certain circumstances, to ask us to delete certain information and to no longer store or use it.
(ii) Your right to a portable copy of your information
You have the right to obtain an easily readable and transferable copy of the information that you have provided to us pursuant to a consent or for performance of a contract if we store it in an automated format. You may request that we transfer this copy of your information to you or to someone else.
9.3 Additional rights available to California residents
If you are a California resident, then you have additional rights, as listed below.
(i) Your right to access and data portability
In certain circumstances, you may have the right to request that we disclose to you information about our collection and use of your personal data in the preceding 12 months, including: (a) you have the right to know what specific information we have collected about you, (b) the categories of sources from which we collect or sell personal data, (c) the business or commercial purpose for which we collect personal data, (d) the categories of third parties with whom we share personal data, and (e) the categories of personal data disclosed for a business purpose or sold to third parties and the categories of third parties to whom such personal data was sold or disclosed. You have the right to obtain copies of it or to allow an agent to obtain copies of such information it. We are not allowed to share your information unless we receive sufficient verification that you or your authorized agent is the one requesting the information.
(ii) Your right to erasure
You have the right, in certain circumstances, to ask us to delete certain information and to no longer store or use it. This foregoing is subject to our right to maintain your personal data for specific purposes permitted under CCPA. If we are unable to comply with any such request, we will notify you.
(iii) Your right to opt out
You may have the right to request that your personal data is not sold to third parties. We do not sell your personal data for monetary consideration.
(iv) Your right to non-discrimination
You have the right to exercise any of the rights listed above (and any other rights under CCPA) without discrimination by us.
9.4 Additional right available to Nevada consumers
All companies are required to provide Nevada consumers a method to request that the company not sell their information. We do not sell your information, but, if you would like to submit a request not to sell your information, you may do so by sending an email to [email protected] with the text or subject “Do not sell my information.”
You can exercise any of your data protection rights in several ways. When a person makes a request to exercise their data protection rights, we refer to that request as a Data Subject Rights Request (DSRR). You can submit this request as follows:
California Residents can exercise their rights by submitting the form CCPA Data Rights – Everest Group (everestgrp.com) or by clicking on the Do Not Sell My Information tab on the footer of our website
11.1 Managing cookie preferences
11.2 Managing email preferences
If you have an account with Everest Group and are logged into it, you can select your email preferences through your account settings. You can select preferences to narrow the topics or the range of emails you receive. You also can select “email opt out” to opt out of group emails and email subscriptions. Even if you unsubscribe from some email subscriptions, we may still need to email you with transactional or non-subscription information. For our group marketing emails, you can unsubscribe via a link at the bottom of the email.
11.3 Calls and text messages
Some of our accounts and services allow you to provide your phone number to us. If you share your number with us, we may call or text you, for example, to provide you information about the services or materials we provide. We will contact you via phone or text only in accordance with applicable legal requirements.
11.4 Do Not Track (DNT)
California laws require us to let you know how we respond to DNT signals, which is a privacy preference that you can set in certain web browsers. Everest Group does not recognize or respond to browsers related to DNT signals, as the industry is currently working toward a common approach to responding to DNT.
11.5 Do not sell my information
We do not use your information to sell any third-party services or products. We do not allow other companies to advertise on our websites or to use the information you provide to us to sell their products or services. We do not engage in automated decision-making or profiling that could affect you or your rights. You can view a full listing of those third-party cookies and opt out of their use by clicking on the cookie preferences icon on the bottom left corner of our website, www.everestgrp.com. Please note that to the extent you are accessing everestgrp.com across multiple devices or platforms or if you clear your browser settings, you may have to opt out again.
Everest Group’s offices and servers are located in multiple countries, and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is used, we apply the same protections described in this Privacy Notice.
If you are a resident of the EU, we need to meet special protection requirements if we transfer your information from the EEA region to a location outside of the EEA region. We satisfy those requirements by having EU-approved contracts, called Standard Contractual Clauses, among all Everest Group companies. These contracts legally require that we protect your information to the standards set by the EU, even outside of the EU. If we transfer EU information outside of the EU to a non-Everest Group location, we will enter into Standard Contractual Clauses with the recipient or else ensure that the EU transfer requirements are met by other approved means.
We offer business and professional products and services that are not targeted to persons under the age of 18 years. Everest Group does not intentionally collect or maintain personal data about anyone under the age 18 years. If you are under 18 years old, please do not provide any personal data even if prompted to do so. If you believe that you have inadvertently provided your personal data, please ask your parent(s) or legal guardian(s) to notify us, and we will delete your personal data.
This Privacy Notice only covers our websites and actions. Our websites may link to other companies’ websites. Everest Group does not control those external websites, and we recommend that you review their privacy policies. This Privacy Notice does not cover the information used in connection with Everest Group employment, employment applications, recruitment, and contractors. Those areas are covered by separate policies available at the Privacy Notice for Applicants, Employees, and Contractors – Everest Group (everestgrp.com).
If you have any questions about this Privacy Notice or the privacy practices of Everest Group, you may contact us via email at [email protected] or via postal mail at the following address:
12770 Merit Drive Suite 800
Dallas, TX 75251 US
Our Data Protection Officer is Shaili Bhandari, and you can contact her at [email protected] or via the postal address above. You can also contact us via everestgrp.com/privacy-notice/data-rights to exercise your rights.
You have the right to lodge a complaint about the treatment of your personal information by contacting the data protection authorities in your home country or by contacting UK’s Information Commissioner’s Office at 0303 123 1113 or via https://ico.org.uk/concerns.
We are always reviewing our privacy practices to make sure they comply with this Privacy Notice. Sometimes, we may need to update the Privacy Notice to clarify information or reflect changes in our products, technology, or uses of information. When we post changes to this Privacy Notice, we will update the “last updated” date at the beginning of this Privacy Notice. We recommend that you periodically check this page to inform yourself of any changes in this Privacy Notice.