Compass Lexecon, LLC Privacy Practices
Effective Date: May 25, 2018.
Compass Lexecon, LLC understands that your privacy is important to you and is committed to safeguarding the confidentiality and privacy of personal information entrusted to it.
Scope of this policy
This policy applies to personal information which is collected and/or used by Compass Lexecon in its capacity as a controller as that term is defined in the EU data protection laws. The contexts in which this might occur are explored under “When do we collect personal information” below.
When we provide Services to clients, we sometimes handle personal information. This means that we process the information solely on the instructions of our clients, who retain control of the information. Therefore, if our use of your personal information is not covered by this policy, you may need to contact the client (and controller) on whose behalf the processing of your information is carried out.
|Compass Lexecon collects personal information from and on behalf of its clients (e.g. about their employees and customers) to provide economic consulting services to those clients. It also processes client personal information to manage its relationship with those clients. Further, Compass Lexecon also collects some personal information from visitors to this website, recruitment applicants, and attendees at Compass Lexecon events.
Compass Lexecon uses personal information to deliver its Services to clients. For its own purposes, it also uses personal information to analyse and improve how it delivers those services, to contact representatives of its clients or prospective clients and to market to them, and to administer recruitment and events.
If Compass Lexecon uses your personal information, you may have certain important rights which you can exercise. The rights you will be able to exercise will depend on how and why Compass Lexecon uses your information.
Who is your controller?
The Compass Lexecon entity responsible for your personal information will be the entity that originally collected information from or about you. If you have a direct interaction with a Compass Lexecon employee (for example, you attend a Compass Lexecon hosted event), the identity of your controller may be disclosed to you in connection with that interaction. If we process your personal information while providing our Services to clients, your controller will be the Compass Lexecon entity providing the Services (assuming those Services are provided as a controller, see above for an explanation).
When do we collect personal information?
We collect information about you if:
- you use the Compass Lexecon website;
- you enquire about, or engage Compass Lexecon to provide its Practice Areas (either in a personal capacity, or as a representative for your employer or client);
- the use of your personal information is reasonably necessary to provide our Services (in these circumstances, your personal information may be disclosed to us by our client who may, for example, be your employer or service provider, or we may obtain your personal information from a range of public or subscription sources, directly from you, or from your associates or persons known to you);
- you apply for a position with Compass Lexecon;
- you attend a Compass Lexecon hosted or sponsored event or webinar;
- you invest in stock (please see our investor relations site of our parent company, FTI Consulting, FTI Consulting Investor Relations for more information); or
- you contact us with any other enquiry, complaint or notice.
What types of personal information are collected and what do we use it for?
The following is a summary of the types of personal information we collect, and the purposes for which that information is used.
Compass Lexecon collects your name, company, e-mail address, telephone number, country, and comments and any other personally-identifiable information which you voluntarily provide as “comments” when you submit an inquiry through the “Contact” or “Subscribe to CL News”. Compass Lexecon also collects other background information about you in connection with career-related inquiries that you submit through its website.
Compass Lexecon’s Former, Current and Prospective Clients
If you submit an enquiry to Compass Lexecon about our Services (either over the website, or by emailing, telephoning or meeting with one of our colleagues), then we will process information such as your name, job title and contact information in order to respond to your enquiry.
If you attend a Compass Lexecon event or webinar, or if you associate with a Compass Lexecon colleague at, for example, an industry event, then Compass Lexecon may collect basic personal information, such as contact details, which you voluntarily provide (for example, by filling in a form or handing over a business card) in order to facilitate your participation in the event, and for the management of our relationship with you as an actual or prospective client.
If you or the organisation you are associated with becomes a Compass Lexecon client, then we may process your personal information in order to:
- Carry out “Know Your Client” checks and screening prior to starting a new engagement (as well as basic contact information, this may mean processing compliance related information such as proof of your identity, information about your professional background, history of directorships and, in some circumstance, details of any criminal convictions or adverse media coverage);
- Carry out client communication, service, billing and administration;
- Deal with client complaints; and
- Administer claims.
Taking account of applicable marketing laws, we also process personal information about our clients (former, current, and prospective) in order to:
- Send our clients newsletters, promotional material, and other marketing communications;
- Invite our clients to events (and arrange and administer those events).
Performing Services for Our Clients
As discussed above, many of our Services involve the processing of personal information. In the majority of cases, personal information is provided to us in strict confidence, subject to restrictive undertakings on its use / disclosure.
|Why is personal information used?||What legal bases are relied upon?|
|Compass Lexecon business provides economic and financial advisory services, in the fields of securities litigation, mergers or anti-trust investigations and compliance. This may include providing advice to clients, courts, tribunals and regulators. Inputs to some of these analyses may necessarily include personal information provided for that purpose by the client, or disclosed by another party to a regulatory or judicial process. Such information may include: names; salaries, benefits or other remuneration received; or decisions taken or choices made about spending or other matters.||Legitimate interest in providing economic and financial advisory services to clients, courts, tribunals and regulators in relation to a consideration of factors pertaining to staff, customers, the public interest, or other individual people or groups of people.|
If you apply for a position with Compass Lexecon, we will need to collect personal information in order to consider your application, and during any interview and assessment phase. If you contact us for any other reason, we will collect basic contact details, as well as any other personal information relevant to the reason for your enquiry, in order to resolve that enquiry.
What is our legal basis for collecting personal information?
All processing (i.e. use) of your personal information is justified by a “lawful basis” for processing. In the majority of cases, processing will be justified on the basis that:
- the processing is necessary for the performance of a contract to which you are a party, or to take steps (at your request) to enter into a contract (e.g. where you request certain Services as an individual client, or where we help advise your employer or service provider on fulfilling an obligation to you under a contract);
- the processing is necessary for us to comply with a relevant legal obligation (e.g. where we are required to collect certain information about our clients for tax or accounting purposes, or where we are required to make disclosures to courts or regulators); or
- the processing is in our legitimate interests, subject to due consideration for your interests and fundamental rights (this is the basis we rely upon for the majority of the processing of personal information in connection with the provision of our Services, and also for the purposes of most client on-boarding, administration and relationship management activities).
In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required by applicable law to obtain your prior consent in order to send you marketing communications.
Before collecting and/or using any special categories of data (as that term is defined in the GDPR), or criminal record data, we will establish a lawful exemption which will allow us to use that information. This exemption will typically be:
- your explicit consent;
- the establishment, exercise or defence by us or third parties of legal claims; or
- other uses allowed by applicable law including context specific exemptions provided for under local laws of EU Member States and other countries implementing the GDPR, such as in relation to the processing of special category data for the purposes of preventing or detecting fraud in relation to instructions from potential clients.
Disclosure of Personal Information to Third Parties
Compass Lexecon may share such information with its affiliates as necessary to carry out the purposes for which the information was supplied or collected. Similarly, third party contractors, consultants and/or vendors engaged by Compass Lexecon to provide services may have access to your personal information. These third parties will be subject to their own data protection requirements providing the same or greater level of security provided by Compass Lexecon and in most instances, will also have entered into a written agreement with Compass Lexecon which addresses the protection of your personal information.
Compass Lexecon may also disclose your personal information for the purposes of:
- responding to requests from law enforcement agencies, regulators or courts, or to subpoenas, search warrants, or other legal requests;
- the prevention and/or detection of crime;
- establishing legal rights or to investigate or pursue legal claims;
- a merger, acquisition or corporate restructuring to which Compass Lexecon is subject;
- preventing risk of harm to an individual.
International Hosting and Transfer of Information
Compass Lexecon is a global organization and may transfer certain personal information collected on its website across geographical borders to Compass Lexecon offices, personnel, or third parties located throughout the world. Compass Lexecon may also store such information in a jurisdiction other than where you are based including outside of the European Economic Area (“EEA”).
Compass Lexecon will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests. Transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
- Transfers of personal information to Compass Lexecon’s US offices are protected by the certification of Compass Lexecon’s parent company, FTI Consulting, Inc. certification under the EU-US and Swiss-US Privacy Shield schemes. A link to Compass Lexecon’s EU-US and Swiss-US Privacy Shield Policy is available here. Transfers to US based service providers may also be protected through reliance on the Privacy Shield.
- Where we transfer your personal information outside Compass Lexecon to third parties who help provide us with any of the activities described in this policy, we obtain contractual commitments (such as the Standard Contractual Clauses) from them in order to protect your personal information.
- Where we receive requests for information from law enforcement, courts or regulators (who may be based overseas), we carefully validate these requests before any personal information are disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
Compass Lexecon has reasonable technical safeguards, security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Measures we take include placing confidentiality requirements on our staff members and service providers, limiting access to your personal information on a “need to know” basis, and providing training to appropriate Compass Lexecon personnel.
Despite Compass Lexecon’s best efforts, however, security cannot be absolutely guaranteed against all threats.
Retention of your personal information
Compass Lexecon retains your personal information for the period of time required for the purposes for which it was collected, any compatible purposes which we subsequently establish, or any new purposes to which you subsequently consent, or to comply with legal, regulatory and Compass Lexecon policy requirements. This period of time will usually be the period of your, or the relevant client’s, relationship or contract with Compass Lexecon plus a period reflecting the length of time for which legal claims may be made following the termination of such relationship or contract. Some information (such as call recordings, tax records and certain information required to demonstrate regulatory compliance) may need to be kept for longer. Personal information will be kept for a shorter or longer period of time if so required by law or a Compass Lexecon policy, if the information becomes subject to a legal hold (for example, following a communication from our regulator) or if we have identified through a data protection impact assessment that a different retention period is appropriate.
Your EEA Rights
If your personal information is processed by a Compass Lexecon entity in the EEA then, subject to certain exemptions, and dependent on how and why we use it, you have certain rights in relation to your personal information.
We may ask you for additional information to confirm your identity before disclosing any personal information to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to Access
You have the right to access personal information which Compass Lexecon holds about you, together with certain information about how and why your personal information is processed.
Right to Rectification
You have a right to request us to correct your personal information where it is inaccurate or out of date.
Right to be Forgotten (Right to Erasure)
You have the right under certain circumstances to have your personal information erased. Your information can only be erased if it is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the information.
Right to Restrict Processing
You have the right to restrict the processing of your personal information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
Right to Data Portability
You have the right to data portability, which requires us to provide personal information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party. Please note that Compass Lexecon rarely relies upon consent as a legal basis, and the performance of a contract basis will only be relevant to the extent that you, as an individual, are party to a contract with Compass Lexecon or a client, and our use of your personal information is necessary for the performance of that contract.
Right to Object to Processing
You have the right to object to the processing of your personal information at any time, but only where that processing is based on our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
If you reside in the European Economic Area (EEA) and would like to exercise your right to access, review, correct or discuss how your personal information is processed by Compass Lexecon please contact us at DPO-EU@compasslexecon.com.
If you reside outside of the EEA you can also make a request to update or remove information about you by contacting firstname.lastname@example.org. Compass Lexecon will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.
In addition, under applicable local law you may have the legal right to lodge a complaint with the relevant supervisory authority or local data protection authority.
Your California Rights
California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.
Right to Opt-out – California residents have the right to opt-out of our sale of their personal information. We do not and will not sell your personal information.
Minors – We do not sell personal information about residents who we know are younger than 16 years old.
Notice at Collection – We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used.
Verifiable Requests to Delete, and Requests to Know – Subject to certain exceptions, California residents have the right to make the following requests, at no charge, up to twice every 12 months:
Right of Deletion: California residents have the right to request deletion of their personal information that we have collected about them, subject to certain exemptions, and to have such personal information deleted, except where necessary for any of a list of exempt purposes.
Right to Know – Right to a Copy: California residents have the right to request a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance.
Right to Know – Right to Information: California residents have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:
- categories of personal information collected;
- categories of sources of personal information;
- business and/or commercial purposes for collecting and selling their personal information;
- categories of third parties/with whom we have disclosed or shared their personal information;
- categories of personal information that we have disclosed or shared with a third party for a business purpose; and
- categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.
Submitting Requests – Requests to exercise the right of deletion, right to a copy, and / or the right to information may be submitted to email@example.com or by contacting us at 833-708-0303 (toll free). We will respond to verifiable requests received from California consumers as required by law.
Right to Non-Discrimination, and Incentives – The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California residents related to their personal information.
California Privacy Rights under California’s Shine-the-Light Law
Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us certain personal information are entitled to request and obtain from us, free of charge, information about the personal information (if any) we have shared with third parties for their own direct marketing use. Such requests may be made once per calendar year for information about any relevant third party sharing in the prior calendar year. California residents who would like to make such a request may submit a request in writing using the contact information provided below. The request should attest to the fact that the requester is a California resident, and provide a current California address.
Compass Lexecon may send you information related to its services, products and events that we believe are of interest to you. This information may be sent by post or via email. We are also including a custom preference center for CL which should allow the user to select which region(s), topics, etc. news they would like to receive. If at any point you no longer prefer to receive marketing communications from Compass Lexecon you can (i) unsubscribe from Compass Lexecon communications sent by email using a link provided in marketing emails sent from Compass Lexecon; or (ii) contact us to exercise your right to prevent all forms of marketing (both post and email).
Compass Lexecon’s websites are not intentionally designed for or directed at children under the age of 13. It is Compass Lexecon’s policy never to knowingly collect or maintain information about anyone under the age of 13, except as part of an engagement to provide professional services.
Changes to this Policy
If you have questions or concerns regarding this policy or Compass Lexecon’s personal data processing policies, please contact Compass Lexecon at: firstname.lastname@example.org.
If you reside in the EEA and have questions or concerns regarding this policy or processing of your personal information by Compass Lexecon please contact us at DPO-EU@compasslexecon.com.
In all cases where legitimate interests are relied upon as a lawful basis for processing Personal Data, Compass Lexecon takes steps to ensure that its legitimate interests are not outweighed by any prejudice to the rights and freedoms of the underlying data subjects. This is achieved in several ways, including through the application of principles of data minimisation and security, and by taking steps to ensure that personal information is only collected or otherwise obtained where it is relevant to the provision of Services to a client, and where access to personal information for Compass Lexecon is reasonably necessary for the provision of those Services.
Effective Date: May 25, 2018.
What are Cookies and other Tracking Technologies?
A cookie is a small text file containing small amounts of information that a website puts on a user’s computer (or mobile device) when you visit a website and is used by the website to send information to your browser and for the browser to return information to the website.
What types of Cookies may be used?
First party cookies – First party cookies are set by the Compass Lexecon website you are visiting and they can only be read by Compass Lexecon.
Session cookies – Session cookies are used by the server to store information about user page activities, so users can easily pick up where they left off on the server’s pages. These are temporary cookie files, which are erased when you close your browser, and when you restart your browser and go back to the site that created the cookie, the website will not recognize you. You will have to log back in (if login is required) or select your preferences/themes again if the website uses these features. A new session cookie will be generated, which will store your browsing information and will be active until you leave the site and close your browser.
Persistent cookies – Persistent cookies are employed to store user preferences. These files stay in one of your browser’s subfolders until you delete them manually or your browser deletes them based on the duration period contained within the persistent cookie’s file. For Information on session and persistent cookies, see here.
Third party cookies – Third party cookies are set by a different organization to the owner of the website you are visiting. For example, the website might use a third-party analytics company that will set its own cookies to perform this service (for example, as described below, this website uses Google Analytics).
What cookies does Compass Lexecon websites use?
A list of all the cookies used on this site by category is detailed below.
Note: This website does not use any cookies which retain personal information about you after your session ends.
The table below provides additional details on the specific cookies used on Compass Lexecon’s website:
|GA1.2.1037100184.1515086513||Third Party Cookies||Addthis (marketing information)|
|ouid||Third Party Cookies||Addthis (marketing information)|
|uid||Third Party Cookies||Addthis (marketing information)|
|uvc||Third Party Cookies||Addthis (marketing information)|
|ssc||Third Party Cookies||Addthis (marketing information)|
|mus||Third Party Cookies||Addthis (marketing information)|
|loc||Third Party Cookies||Addthis (marketing information)|
|__utmz||Third Party Cookies||FontAwesome (font information)|
|__utma||Third Party Cookies||FontAwesome (font information)|
|_ga||Third Party Cookies||FontAwesome (font information)|
|SIDCC||Third Party Cookies||Google Analytics|
|1P_JAR||Third Party Cookies||Google Analytics|
|APISID||Third Party Cookies||Google Analytics|
|SID||Third Party Cookies||Google Analytics|
|HSID||Third Party Cookies||Google Analytics|
|SAPISID||Third Party Cookies||Google Analytics|
|NID||Third Party Cookies||Google Analytics|
|SSID||Third Party Cookies||Google Analytics|
|__utmzz||Third Party Cookies||Google Analytics|
|__reff||Third Party Cookies||Google Analytics|
|_gaexp||Third Party Cookies||Google Analytics|
Compass Lexecon websites also uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to help analyze how users use the site, for example which pages are most frequently visited. The information generated by a Google Analytics cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
What if I don’t want cookies to be used?
By using Compass Lexecon’s website you agree that Compass Lexecon can place cookies on your device as explained above. If you want to remove existing cookies from your device you can do this using your browser options. If you want to block future cookies from being placed on your device you can change your browser settings to do this. Please note that if you use your browser settings to block the use of all Cookies it may impact certain functionality on the Compass Lexecon websites or degrade your browsing experience.
If you have questions or concerns regarding this policy or Compass Lexecon’s personal data processing policies, please contact Compass Lexecon at: email@example.com.
EU-US AND SWISS-US PRIVACY SHIELD POLICY
EU-US and Swiss-US Privacy Shield
Under the certification of its parent company, FTI Consulting, Inc., Compass Lexecon complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively the “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the member countries of the European Union (EU), the European Economic Area (EEA), and Switzerland to the United States (“Personal Information”). FTI Consulting, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view FTI Consulting’s certifications, please visit www.privacyshield.gov.
FTI Consulting’s participation in the Privacy Shield applies to personal data received from the EU/EEA and Switzerland. Compass Lexecon will comply with the Privacy Shield Principles in respect of such personal data. Some types of Personal Information may be subject to additional privacy-related requirements and policies, which are consistent with the Privacy Shield Principles. For example:
- Personal Information regarding and/or received from clients is also subject to any specific agreement with, or notice to, the client, as well as additional applicable laws and professional standards.
- Personal Information regarding Compass Lexecon personnel is subject to internal human resource policies.
Types of Personal Information Collected and Purpose for Collection
Personal Information from Client Engagements: Compass Lexecon provides professional consulting services to its clients. Compass Lexecon’s clients may send Personal Information to it for processing on their behalf as part of the consulting services they have purchased. For example, Compass Lexecon may receive Personal Information such as name, email address, employment information, or financial data. Compass Lexecon uses any such Personal Information to perform services for its clients and to administer and manage its relationships with its clients.
In the event that a client engagement involves a transfer of Personal Information from the EU to the United States, the relevant clients are responsible for providing appropriate notice, where required, to the individuals whose Personal Information may be transferred to Compass Lexecon, including providing individuals with certain choices with respect to the use or disclosure of their Personal Information, and obtaining any requisite consent. Compass Lexecon handles such Personal Information in accordance with its clients’ instructions.
Personal Information Regarding Compass Lexecon Employees: Compass Lexecon may transfer Personal Information regarding Compass Lexecon personnel. This Personal Information may include, without limitation, business contact information, employee ID, job role and reporting line, demographic information, work history, compensation and performance ratings. Compass Lexecon uses such information to administer and manage its business.
Choice and Accountability for Onward Transfer
Information Security and Data Integrity
Compass Lexecon has reasonable security policies and procedures in place to protect Personal Information from unauthorized loss, misuse, alteration, or destruction.
Despite Compass Lexecon’s best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of Compass Lexecon’s ability, access to your Personal Information is limited to those who have a need to know.
If Compass Lexecon holds your Personal Information, under most circumstances you have the right to reasonable access to that data to correct any inaccuracies. You can also make a request to update or remove information about you by contacting, firstname.lastname@example.org who will make all reasonable and practical efforts for its business practices to comply with your request, as long as it is consistent with applicable law and professional standards.
Recourse, Enforcement and Liability
Compass Lexecon commits to resolve complaints about your privacy and its collection or use of your Personal Information in compliance with the EU-US and Swiss-US Privacy Shield Principles. Please contact FTI Consulting at: email@example.com should you have a Privacy Shield-related (or general privacy-related) complaint.
If you are a resident of the EU/EEA, and you have a complaint related to this Policy that cannot be resolved with Compass Lexecon directly, you may report your claim to the EU/EEA Data Protection Authorities located in your jurisdiction. If you are a resident of Switzerland, and you have a complaint related to this Policy that cannot be resolved with Compass Lexecon directly, you alternatively may report your claim to the Swiss Data Protection Authority (Federal Data Protection and Information Commissioner). As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means.
Compass Lexecon is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Changes to this Policy
FTI Consulting reserves the right to make changes to this EU – US and Swiss – US Privacy Shield Policy from time to time. Compass Lexecon will notify you by posting amendments on this website.
Questions and Comments
If you have questions or concerns regarding this policy or Compass Lexecon’s Personal Information processing policies, please contact Compass Lexecon at: firstname.lastname@example.org.