Privacy Policy Banner

Privacy Statement

Huron Consulting Group Inc. and its subsidiaries and affiliates ("Huron" or "we" or "our" or "us") are committed to protecting your privacy when you interact with us.

This Privacy Statement ("Privacy Statement" or "Statement") sets out the privacy practices for Huron with respect to Personal Data ("Personal Data") (which means any information that relates to, identifies, describes, or can be reasonably associated or linked with a natural person or household) we obtain from and about individuals interacting with Huron and its websites, mobile applications, and services (collectively the "Services").

Please read the information below to learn about the Personal Data collected about you and how it is used. Please note that there is a separate Terms of Use found in the "Terms & Conditions" (hyperlink located at the bottom of our website). We may revise this Privacy Statement from time to time and will do so by posting additions or modifications to this page. The most current version of the Statement can always be reviewed by clicking on the "Privacy Statement" link located at the bottom of our website.

If you are a resident of California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, Virginia, the European Union ("EU"), European Economic Area ("EEA"), Switzerland, United Kingdom ("UK"), Canada, Singapore, and India you may be entitled to certain individual rights under the California Consumer Privacy Act of 2018 [as amended by the California Privacy Rights Act of 2020 ("CPRA")] (collectively, "CCPA"), Virginia Consumer Data Protection Act ("VCDPA"), Colorado Privacy Act ("CPA"), Connecticut Act Concerning Personal Data Privacy and Online Monitoring ("CTDPA"), Montana Consumer Data Privacy Act (“MCDPA”), Oregon Consumer Privacy Act (“OCPA”), Texas Data Privacy and Security Act (“TDPSA”), Utah Consumer Privacy Act ("UCPA"), or the General Data Protection Regulation ("GDPR"), the UK Data Protection Act 2018, the Personal Information Protection and Electronic Documents Act ("PIPEDA"), the Personal Data Protection Act ("PDPA"), and the Information Technology Act ("IT Act"), respectively. Please see the Notice to Certain Residents of Data Subject Rights of our Privacy Statement for a description of your rights and how to exercise them for users located in California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, Virginia, EEA/Switzerland, UK, Canada, Singapore, and India.

Types of Personal Data Collected

The type of Personal Data we collect depends on how you use Huron's Services. We may collect the following categories of information about you that are described in more detail below: (A) information you provide to us, (B) sensitive information, (C) information we may automatically collect about you (D) cookies & technologies used to collect information about you, and (E) information we may receive from third parties. All the information listed in (A)-(E) above, are detailed below:

A. Information You Provide to Us

When you visit our publicly available website, we may collect the following categories of information, including Personal Data, from you:

  • Individual identifiers, such as name, username, contact information such as mailing address, phone number, and email address;
  • Event registrations and preferences;
  • Feedback and reviews or request for support;
  • Log files, information collected by cookies and similar technologies about the pages viewed, links clicked and other actions taken when accessing our website, which may be considered Personal Data under applicable laws (see our Cookie Policy for more information); and
  • Activities, interactions, preferences, transactional information, and other computer and connection information (such as IP address) relating to the use of our website and our Services.

If you connect with Huron through our Services as a lead (a/k/a prospective clients/customers) or an actual client/customer, we may collect:

  • Individual identifiers such as a full name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, or telephone number, account name, or other similar identifiers;
  • Racial or ethnic origin information;
  • Social Security Number;
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99);
  • Financial and billing information;
  • Event registrations and preferences;
  • Feedback and reviews or request for support;
  • Activities, interactions, preferences, transactional information and other computer and connection information;
  • Resumes and information relevant to our market research activities that: you provide to us directly; we receive about you from referrals; or we collect from publicly available sources and websites.

If you connect with Huron through our Services as a job applicant:

  • Individual identifiers such as a full name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, or telephone number, account name, or other similar identifiers;
  • Racial or ethnic origin information;
  • Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99);
  • Resume, application, candidate profile, or interview logistics information during the recruiting process. The sources of employment application information include yourself (when you provide Personal Data directly to us, for example, through our job postings portal on this website), publicly available information (such as information on job posting websites), and external recruiting sources (such as professional recruiting or placement agencies).

Huron also collects Personal Data from other Huron subsidiaries and affiliates. In addition, Huron may collect Personal Data from service providers who provide Services to us, such as web analytics providers.

B. Sensitive Information

With your consent, we may process the following categories of sensitive Personal Data when you use our Services:

  • Precise Geolocation data;
  • Racial or ethnic origin information; and
  • Social Security Number.

C. Information We May Automatically Collect About You

Our Services may automatically collect the following categories of usage and technical Personal Data about you. This information is used by Huron for the operation of the Services, to maintain quality of the Services, and to provide general statistics regarding use of the Services. This information may include:

  • IP address, which is the number associated with the service through which you access the Internet, like your ISP (internet service provider);
  • Date and time of your visit or use of our Services;
  • Domain server from which you are using our Services;
  • Type of computer, web browsers, search engine used, operating system, or platform use of our Services;
  • Data identifying the web pages you visited prior to and after visiting our website or use of our Services;
  • Your movement and activity within the website, which is aggregated with other information; and
  • Mobile device information, including the type of device you use, operating system version, and the device identifier (or "UDID").

D. Cookies & Technologies Used to Collect Information About You

We and/or certain service providers operating on our behalf may collect information about your activity, or activity on devices associated with you over time, on our sites and applications, and across non-affiliated websites or online applications. We may collect this Personal Data by using certain technologies, such as cookies, web beacons, pixels, third party libraries, and other similar technologies. Third-party service providers, advertisers, and/or partners may also view, edit, or set their own cookies or place web beacons.

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our website.
  • Web Beacons. Website pages may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related statistics (for example, recording the popularity of certain content and verifying system and server integrity). We also use these technical methods to analyze the traffic patterns, such as the frequency with which our users visit various parts of the Services. These technical methods may involve the transmission of information either directly to us or to a third party authorized by us to collect information on our behalf. Our Services use retargeting pixels from Google, Facebook, and other ad networks. We also use web beacons in HTML emails that we send to determine whether the recipients have opened those emails and/or clicked on links in those emails.
  • Analytics. Analytics are tools we may use, such as Google Analytics, to help provide us with information about traffic to our website and use of our Services, which Google may share with other Services and websites who use the collected data to contextualize and personalize the ads of its own advertising network. You can view Google&'s Privacy Practices here: Privacy Policy – Privacy & Terms – Google.
  • Mobile Application Technologies. If you access our website and Services through a mobile device, we may automatically collect information about your device, your phone number, and your physical location.

Our use of online tracking technologies may be considered a "sale" or "sharing" under certain laws. To the extent that these online tracking technologies are deemed to be a "sale" or "sharing" under certain laws, you can opt-out of these online tracking technologies by submitting a request via Exercising Your Privacy Rights or by broadcasting an opt-out preference signal, such as the Global Privacy Control ("GPC"). Please note that some features of our website may not be available to you as a result of these choices. To learn more about the Cookies used on our Services, please see our Cookies Policy here.

E. Information We May Receive from Third Parties

We may collect additional Personal Data about you from third-party websites, social media platforms and/or sources providing publicly available information (e.g., from the U.S. postal service) to help us provide Services to you, help prevent fraud, and for marketing and advertising purposes.

This Privacy Statement only applies to information collected by our Services. We are not responsible for the privacy and security practices of those other websites or Social Media Platforms or the information they may collect (which may include IP address). You should contact such third parties directly to determine their respective privacy policies. Links to any other websites or content do not constitute or imply an endorsement or recommendation by us of the linked website, Social Media Platform, and/or content.

How We Use Personal Data

Huron collects and uses Personal Data for things that may include, but are not limited to, the following:

  • To provide you with the Services and information you request;
  • Personalizing information about our Services;
  • To respond to your inquiries and questions and provide customer service;
  • For general or targeted marketing and advertising purposes, including sending you promotional material or special offers on our behalf or on behalf of our marketing partners and/or their respective affiliates and subsidiaries and other third parties, provided that you have not already opted-out of receiving such communications;
  • Personalizing your experience on our website, such as providing recommendations based on your industry or past behavior on the website;
  • To manage, improve, and foster relationships with third-party service providers, including vendors, suppliers, and parents, affiliates, subsidiaries, and business partners;
  • Maintain, improve, customize, or administer the Services, perform business analyses, or other internal purposes to improve the quality of our business, the Services, resolve technical problems, or improve security or develop other products and Services;
  • Providing Services, training and education, tools (such as Huron Software accelerators), products (such as books), and support to our customers, which may also be necessary for the performance of a contract with you;
  • Conducting business with our suppliers and other entities, including market research activities;
  • Considering candidates for job vacancies with Huron entities, including all elements of the procedure leading up to making a decision whether to offer, subject to any appropriate background checks, the applicant a position. Some job applicant data processing may also be necessary to comply with legal obligations;
  • For future recruiting activities related to employment;
  • Providing online education for teaching certificates and arranging temporary placements to enable students of such programs to obtain practical experience;
  • To fulfill contracts we have with you;
  • Comply with our Terms & Conditions;
  • Analytics for business purposes and business intelligence;
  • Comply with any applicable laws and regulations and respond to lawful requests; and/or
  • Other purposes disclosed at the time of collection or otherwise compatible with the above and applicable law; or
  • For any other purposes disclosed to you at the time we collect your Personal Data and/or pursuant to your consent.

In instances where Personal Data is transferred to Huron through a client data controller and Huron is acting as the processor, the processing is necessary for the performance of a contract or for our legitimate interest to provide the requested Services to our clients. Huron will assist the client data controller in complying with its legal obligations, discussed below in the Additional Information for Individuals Located in Europe section, where applicable.

With Whom We Share Personal Data

Huron may share or disclose Personal Data we collect with the following entities and for the following purposes:

  • Information Shared with our Subsidiaries and Affiliates: We may share your Personal Data with our subsidiaries and affiliates who process Personal Data on behalf of Huron for the purposes of supporting and providing Services to our customers.
  • Third-Party Service Providers: We may share your Personal Data with third-party service providers that perform certain functions or Services on our behalf (such as to host the Services, manage databases, perform analyses, process credit card payments, provide customer service, or send communications for us). These third-party service providers are authorized to use your Personal Data only as necessary to provide these Services to us. In some instances, we may aggregate Personal Data we collect so third parties do not have access to your Personal Data to identify you individually. Service providers contracted to provide Services on behalf of Huron for discrete business purposes include, but are not limited to, provision of IT related Services, event planning, talent recruiting, market research interviewees and providers, and travel services.
  • Disclosure of Information for Legal and Administrative Reasons: We may disclose your Personal Data without notice (i) when required by law or to comply with a court order, subpoena, search warrant, or other legal process; (ii) to cooperate or undertake an internal or external investigation or audit; (iii) to comply with legal, regulatory, or administrative requirements of governmental authorities (including, without limitation, requests from the governmental agency authorities to view your Personal Data); (iv) to protect and defend the rights, property, or safety of us, our subsidiaries and affiliates, and any of their officers, directors, employees, attorneys, agents, contractors, and partners, and the website Service users; (v) to enforce or apply our Terms & Conditions; and (vi) to verify the identity of the user of our Services.
  • Business Transfers: We may disclose Personal Data to a third party where we: (i) merge with or are acquired by another business entity; (ii) sell all or substantially all of our assets; (iii) are adjudicated bankrupt; or (iv) are liquidated or otherwise reorganize.
  • Training Partners: We may share Personal Data with entities with whom Huron works in providing a service, such as educational establishments with whom Huron collaborates to provide training and certification, and organizations at which Huron arranges for students to obtain practical experience.
  • De-Identified or Aggregated Data: We may share your Personal Data on an aggregated basis for any purpose in which your specific Personal Data is blinded, masked, or otherwise not identifiable.
  • With your Consent: We may share Personal Data consistent with this Privacy Statement with your implied consent.

Huron may disclose Personal Data in special cases when we have a good faith belief that it is necessary: (a) to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; (b) to protect and defend our rights or property; (c) to enforce the website Terms and Conditions; or (d) to protect the interests of our users or others.

Categories of Personal Data Sold

We may sell the below categories of Personal Data. For purposes of this Privacy Statement, "sell", "sold" or "sale" means the disclosure of Personal Data for monetary or other valuable consideration but does not include, for example, the transfer of Personal Data as an asset that is part of a merger, bankruptcy, or other disposition of all or any portion of our business.

Category of Personal Data Examples of Personal Data Disclosed
Identifying Information Name, mailing address, email address, phone number, date of birth, and other identifiers.
Payment Information Your name and billing totals for payment and invoice processing. Note that we use third party payment processors to facilitate your payments and do not store your payment card information.
Usage and Technical Information Information about your interaction with our website and content on third-party sites or platforms, such as social networking sites (e.g. IP address; browsing history; search history; device information; information about user's interaction with website, such as scrolling, clicks, and mouse-overs via cookies, pixel tags, web beacons, transparent GIFs; browser information; operating system and platform; geolocation information; user content (e.g. photos, videos, audio, images, social media /online posts, first-party works).

Links to Other Websites

Our Services may contain links to other websites or Services that are not owned or controlled by us, including links to Social Media Platforms such as Facebook, Instagram, or YouTube, or may redirect you off our website away from our Services.

Information Security

We use commercially reasonable and appropriate administrative, physical, and technical security measures to provide our Services and safeguard your Personal Data. However, no data transmitted over the Internet or stored or maintained by use or our third-party service provider can be completely secure. Therefore, we do not promise or guarantee, and you should not expect, that your Personal Data or private communications will always remain private or secure. We do not guarantee that your Personal Data will not be misused by third parties. We are not responsible for the circumvention of any privacy settings or security features. You agree that we will not have any liability for misuse, access, acquisition, deletion, or disclosure of your Personal Data.

If you believe that your Personal Data has been accessed or acquired by an unauthorized person, you should promptly Contact Us so that necessary measures can quickly be taken.

Retention of Data

We will retain your Personal Data for as long as needed to provide you Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. We will retain and use your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. In accordance with our routine record keeping, we may delete certain records that contain Personal Data you have submitted to us. We are under no obligation to store such Personal Data indefinitely and disclaim any liability arising out of, or related to, the destruction of such Personal Data.

Choices You Have About How Huron Uses Your Personal Data

We strive to provide you with as many choices and as much control as possible regarding the Personal Data you provide to us.

  • Marketing Communications. If you do not want to receive marketing and promotional emails from us, you may click on the "unsubscribe" link in the email to unsubscribe and opt-out of marketing email communications or see Contact Us below for more information.
  • Opting Out of Direct Marketing by Third Parties. To exercise choices regarding the marketing information you receive, you may review the following links:

If you have questions, complaints or concerns regarding this Privacy Statement or wish to access your Personal Data, or update, change or remove your Personal Data, please contact privacy@hcg.com, or send mail addressed to:

Huron Consulting Group Inc.
Attn: Chief Privacy Officer
550 W Van Buren St, Chicago IL 60607

If you wish to opt out of receiving marketing or other communications, you can either respond using the opt out button in the relevant communication, or by contacting us by one of the methods listed above.

Children's Privacy

This website is not intended for children under the age of sixteen (16). We will not knowingly collect Personal Data from website visitors in this age group. By using the site, you represent that you are age sixteen (16) or over. If we become aware that a user under sixteen (16) (or a higher age threshold where applicable) and has provided us with Personal Data, we will take steps to comply with any applicable legal requirements to remove such Personal Data. In the event we become aware that we have collected Personal Data from a child under the age of sixteen (16), we will dispose of that Personal Data immediately. Contact us if you believe that we have mistakenly or unintentionally collected Personal Data from a child under the age of sixteen (16).

Geographic Location of Data Storage and Processing

Our Services are targeted to individuals located in the United States. As such, the Services collect Personal Data and process and store that Personal Data in databases located in the United States. If you are visiting the Services from a country outside the United States, you should be aware that you may transfer personally identifiable information about yourself to the United States, and that the data protection laws of the United States may not be as comprehensive as those in your own country. By visiting the Services and submitting any personally identifiable information you consent to the transfer of such personally identifiable information to the United States.

Difficulty Accessing Our Privacy Statement

Individuals with disabilities who are unable to usefully access our Privacy Statement online may Contact Us to inquire how they can obtain a cop of our Privacy Statement in another, more easily readable format.

"Do Not Track" Signals

We do support "Do Not Track." Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable "Do Not Track" by visiting the "Preferences" or "Settings" page of your web browser. Do Not Track is different from Global Privacy Controls ("GPC"), which may notify websites of consumers' privacy preferences regarding the sale or sharing of Personal Data, or the use of sensitive personal information.

Changes in this Privacy Statement

We reserve the right to change, modify, or amend this Privacy Statement at any time to reflect changes in our products and service offerings, accommodate new technologies, regulatory requirements, or other purposes. If we modify our Privacy Statement, we will update the "Effective Date" and such changes will be effective upon posting. It is your obligation to check our current Privacy Statement for any changes.

 

Notice to Certain Residents of Data Subject Rights

  • Additional Information
    • Additional Information for Individuals Located in Canada

      Supplemental Information for Individuals Located in Canada

      This supplemental section of Huron’s Privacy Statement is directed at and applies to individuals located in Canada, or where applicable Canadian data protection laws apply (Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec’s Act Respecting the Protection of Personal Information in the Private Sector, and British Columbia’s Personal Information Protection Act).

      Your Canadian Privacy Rights

      If you are visiting the website from Canada or where applicable Canadian data protection laws so provide, you may exercise the following rights regarding your Personal Data:

      • Access. You have the right to obtain from us confirmation if your Personal Data is being processed and certain related information.
      • Rectification. You have the right to request the amendment of inaccurate Personal Data and to have incomplete data completed. When Huron has implemented a rectification or amendment, Huron will notify those third parties that have received the Personal Data in the last year to also rectify the Personal Data. If Huron contests the request to rectify, Huron will also notify third parties that have received the applicable Personal Data in the last year of the request to rectify and that Huron has contested the rectification.
      • Erasure. (Note: This right is provided to individuals located in Quebec) You may request to erase your Personal Data if it is no longer necessary for the purposes for which we have collected it, you have withdrawn your consent, and no other legal grounds for the processing exists.
      • Right to lodge a complaint. You also have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada (or appropriate province specific authority), in particular in the jurisdiction of your residence, or the location where the issue that is the subject of the complaint occurred.
      • Right to refuse or withdraw consent. Please note that in case we ask for your consent to certain processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse consequences. The lawfulness of any processing of your Personal Data that occurred prior to the withdrawal of your consent will not be affected.
      • Right to Access our Privacy related policies and procedures. You have a right to access and examine some of our privacy program policies and procedures, particularly those that contain the following information:
        • The name or title and the address of the personnel responsible for Huron’s policies and practices and to whom complaints or inquiries can be forwarded;
        • The means of gaining access to Personal Data held by Huron;
        • A description of the type of Personal Data held by the organization, including a general account of its use;
        • A copy of any brochures or other information that explains Huron’s policies, standards, and codes; and
        • What Personal Data is made available to Huron’s affiliates or related companies.

      You may also revoke your consent for processing of your Personal Data. If you wish to object to the use and processing of your Personal Data or withdraw consent to this Privacy Statement, you can contact us in the following ways:

      Online Form: Exercising Your Privacy Rights

      Email: privacy@hcg.com

      Call us: 1-866-229-7219 (toll free) and ask for Huron’s Chief Privacy Officer

      Write us:

      Huron Consulting Group Inc.
      Attn: Chief Privacy Officer
      550 W Van Buren St, Chicago IL 60607

      The requests above will be considered and responded to in thirty (30) days. Huron may need to expand this time for an additional thirty (30) days in limited circumstances. Huron will notify you if we are required to use that expanded time. Note, certain Personal Data may be exempt from such requests. We may require additional information from you to confirm your identity in responding to such requests.

      You have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada (or appropriate province specific authority) applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly. Please contact us at:

      Email: privacy@hcg.com

      Call us: 1-866-229-7219 (toll free) and ask for Huron’s Chief Privacy Officer

      Write us:

      Huron Consulting Group Inc.
      Attn: Chief Privacy Officer
      550 W Van Buren St, Chicago IL 60607

      Regardless of our reason for retaining your Personal Data, we delete all Personal Data in accordance with our routine record keeping policies.

    • Additional Information for Residents of California

      Supplemental Information for Residents of California

      This supplemental section of Huron’s Privacy Statement is directed at and applies to a limited subset of individuals who interact with Huron, who are verifiable residents of the state of California, and who are not otherwise exempted from the California Consumer Privacy Act (CCPA).

      To the extent any California data privacy law applies to the collection of your Personal Data, this supplemental section of our Privacy Statement outlines the rights that California residents may have, and how they can exercise those rights. This notice applies solely to California residents. We provide the supplemental selection below to comply with the California Consumer Privacy Act [as amended by the California Privacy Rights Act (referred to collectively hereinafter as CCPA)] and any terms defined in the CCPA have the same meaning when used below.

      Your California Consumer Privacy Rights

      If you are a resident of California, you have the following specific additional privacy rights under the law:

      • Right to Know and Access Specific Information. You have the right to request that we disclose certain information to you about our collection and use of your Personal Data over the past twelve (12) months. Once we receive and confirm a verifiable consumer request from you, we will disclose to you, to the extent permitted by law:
        • The categories of Personal Data we collected about you, and whether we sell or share your information to third parties.
        • The specific pieces of Personal Data we hold about you.
        • The categories of Personal Data sold within the last twelve (12) months.
        • The categories of sources from which Personal Data about you is collected.
        • Our business or commercial purpose for collecting, selling, or sharing your Personal Data.
        • The categories of third parties with whom your Personal Data is sold, shared, or disclosed for a business purpose.

      You have the right to request that the Personal Data described above be provided to you in a portable and readily useable format, to the extent technically feasible (“data portability”).

      • Right to Request Deletion of Personal Data. California residents have the right to request that we delete Personal Data about them which we collected from them. Our obligation to delete Personal Data is limited by the law, and we are not required or able to comply with requests in all instances; for example, if it is necessary for us to maintain Personal Data in order to complete a transaction with the consumer, detect or protect against security incidents or other illegal or deceptive activity, exercise our free speech or other rights provided by law or protect the lawful rights of another consumer, comply with other certain legal obligations, or enable internal uses of the personal information in a lawful manner compatible with the context in which the consumer provided the information or would expect it to be used based on their relationship with us. To the extent we can delete your Personal Data, once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Data, unless an exception applies.
      • Right to Correct Inaccurate Information. To the extent that we may maintain inaccurate Personal Data, you have the right to request that we correct such inaccurate Personal Data taking into account the nature of the Personal Data and the purposes of the processing of the Personal Data. Once we receive and verify your verifiable consumer request, we will use commercially reasonable efforts to correct your Personal Data.
      • Sale and Sharing of Personal Data and the Right to Opt Out. You have the right to opt out of the processing of your Personal Data for the following purposes:
        • Sale of your Personal Data
        • Sharing of Personal Data for cross-context behavioral advertising.

      The use of online tracking technologies may be considered a “sale” or “sharing” under California law. To the extent that these online tracking technologies are deemed to be a “sale” or “sharing” under California law, you may opt out of these online tracking technologies by submitting a request via Exercising Your Privacy Rights or by broadcasting an opt-out preference signal, such as the Global Privacy Control (GPC).

      • Right to Limit Use and Disclosure of Sensitive Personal Information. You have the right to request that we limit the use and disclosure of sensitive personal information (as defined by CCPA) only to that use, which is necessary for us to perform the Services, or deliver the goods reasonably expected and as authorized by law. Once we receive and verify your verifiable consumer request, we will limit our use of your sensitive personal information and will instruct our service providers to do the same.
      • Right to Non-Discrimination You have a right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We may not, and will not, treat you differently because of your data subject request activity. As a result of your data subject request activity, we may not and will not deny goods or Services to you, charge different rates for goods or Services, provide a different level quality of goods or Services, or suggest that we would treat you differently because of your data subject request activity.
      • Right to Disclosure of Direct Marketers. You have a right to the categories and names/addresses of third parties that have received Personal Data for their direct marketing purposes upon simple request, and free of charge.

      You may make an authenticated consumer request exercising your Right to Know and Access Specific Information including Right to Know what Personal Data is being Sold or Shared under the CCPA twice within a twelve (12) month period. To exercise the rights described above, see the How to Submit a Request to Exercise your CCPA Rights section below.

      How to Submit a Request to Exercise your CCPA Rights

      If you are a consumer and resident of California and you wish to exercise your CCPA rights, please submit a verifiable consumer request to us via the methods described below:

      • Online Form: Exercising Your Privacy Rights
      • Email us at privacy@hcg.com and include your name, your specific request, and a preferred contact method (e.g., email or mail) for us to follow up with you.
      • Call us at 1-866-229-7219 (toll-free) and ask to be connected with Huron’s Chief Privacy Officer. Ultimately though, we may ask that you submit your request in writing, for us to keep appropriate records, and because the law requires us to respond to you in writing.
      • Send mail addressed to:

      Huron Consulting Group Inc.
      Attn: Chief Privacy Officer
      550 W Van Buren St, Chicago IL 60607

      Please note that if you ask us to provide you with specific pieces of information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose information is the subject of the request.

      Authorized Agent

      You may use an authorized agent to submit verifiable consumer requests on your behalf. An authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent, we may require: (1) proof of written permission for the authorized agent to make requests on your behalf, and identity verification from you, or (2) proof of power of attorney pursuant to California Probate Code sections 4000 to 4665. We may deny a request from an authorized agent that does not submit proper verification proof.

      Additional Information

      To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

      What to Expect When you Submit a Request to Us

      We are a professional services firm, dealing almost exclusively with other companies, as opposed to directly with consumers as that term is usually understood, in business-to-business transactions; and the protection of our clients’ information (past, present, and future) is paramount to our corporate values and our privacy program.

      We take data security, in addition to privacy, very seriously, and California law is clear on the need for businesses to protect all consumers from fraudulent requests made by someone other than the actual individual. We mention this to prepare you for the fact that if you request from us specific pieces of Personal Data collected about you, we will do whatever is reasonably necessary (as the law allows and requires) to verify that you are who you say you are; and as such, you should expect a thorough and personalized vetting process from us to ensure that we do not provide one individual’s Personal Data to an imposter. The process may take 45 days (or longer when reasonably necessary) depending on the request, and consistent with our obligations under the law.

      Only you or a person registered with the California Secretary of State that you authorize to act on your behalf or is authorized by a person who has power of attorney or is acting as a conservator for the consumer, may make a verifiable consumer request related to your Personal Data. You may also make a verifiable consumer request on behalf of your minor child.

      The verifiable consumer request must:

      • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative.
      • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

    • Additional Information for Residents of Colorado, Connecticut, Montana, Oregon, Texas, Utah, Virginia

      Your Rights

      If you are a resident of Colorado, Connecticut, Montana, Oregon, Texas, Utah, or Virginia, you may have the following rights, in each case to the extent set out in applicable law. We provide the supplemental section below with terms defined as in applicable law.

      • Right to Access & Data Portability. You have the right to request that we disclose certain information to you about our collection and use of your Personal Data at any time. Once we receive and confirm an authenticated consumer request from you, we will, subject to certain exceptions:
        • Disclose whether we are processing your Personal Data.
        • Provide you with access to your Personal Data where we process it.
        Where exercising your right to access and/or the processing is carried out by automated means, you have the right to request and obtain a copy of your Personal Data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the Personal Data to another data controller without hindrance (“data portability”).
      • Right to Correct Inaccurate Personal Data. To the extent that we may maintain inaccurate Personal Data, you have the right to request that we correct such inaccurate Personal Data taking into account the nature of the Personal Data and the purposes of the processing of the Personal Data. Once we receive and verify your authenticated consumer request, we will use commercially reasonable efforts to correct your Personal Data.
      • Right to Delete. You have the right to request that we delete your Personal Data provided by or obtained about you. To the extent that we can delete your Personal Data, once we receive and confirm your authenticated consumer request, we will delete (and direct our service providers to delete) your Personal Data, subject to certain exceptions.
      • Sale of Personal Data, Targeted Advertising, Profiling, and the Right to Opt Out. You have the right to opt out of the processing of your Personal Data for the following purposes:
        • Targeted advertising.
        • Sale of your Personal Data.
        • Profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
      • Right to Non-Discrimination. You have a right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We may not, and will not, treat you differently because of your data subject request activity. As a result of your data subject request activity, we may not and will not deny goods or Services to you, charge different rates for goods or Services, provide a different level quality of goods or Services, or suggest that we would treat you differently because of your data subject request activity.
      • Right to Appeal. You have the right to appeal our denial of any request you make under this Section. To exercise your right to appeal, please submit appeals request to us by either:
        • Emailing us at privacy@hcg.com; or
        • Calling us at 1-866-229-7219 (toll free) and ask for Huron's Chief Privacy Officer

      Within applicable statutory deadlines, following receipt of your appeal, we will inform you in writing of any action taken or not taken in response to your appeal, including a written explanation of the reasons for the decisions.

      To exercise the rights described above, see Exercising Your Privacy Rights.

      If you are a Colorado, Connecticut, Montana, Oregon, Texas, or Utah resident, you may make an authenticated consumer request free of charge once within a twelve (12) month period. We reserve the right to charge a reasonable fee for a second or subsequent request within the same twelve (12) month period.

      If you are a Virginia resident, you may make an authenticated consumer request under the Virginia Consumer Data Privacy Act twice within a twelve (12) month period.

      If you have concerns regarding the results of your appeal, you may contact the applicable office of attorney general using the information below:

      Sensitive Data

      We may process sensitive data including sensitive data inferences. When we process sensitive data, we do so with your consent.

      Authorized Agent

      You may use an authorized agent to submit verifiable consumer requests on your behalf. An authorized agent is a natural person or a business entity that you have authorized to act on your behalf. If you use an authorized agent, we will require: (1) proof of written permission for the authorized agent to make requests on your behalf, and identity verification from you; or (2) proof of power of attorney. We may deny a request from an authorized agent that does not submit proper verification proof.

      Additional Information

      To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.

    • Additional Information for Individuals Located in India

      Supplemental Information for Individuals Located in India

      This supplemental section of Huron’s Privacy Statement is directed at and applies to individuals located in India, when Information Technology Act, 2000 and Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 (“Information Technology Rules”) apply.

      International Transfers of Your Personal Data

      By using the website or providing Personal Data to Huron, your Personal Data may be transferred to the United States, where Huron is headquartered, or to other Huron locations where we carry out our support activities. Your country’s laws governing data collection and use may differ from those in the United States or other Huron locations. When transferring your Personal Data or Sensitive Personal Data, Huron will only transfer the information when you have provided your consent, or it is necessary to fulfill contractual obligations. Huron will require equal protections be applied to any Personal Data or Sensitive Personal Data transferred outside of India. Please contact privacy@hcg.com if you want to receive further information.

      Sensitive Data

      We may collect Sensitive Personal Data about you with your consent, which may include:

      • Financial and billing information;
      • Any detail relating to the above clause as provided to Huron for providing service; and
      • Any of the information received under above clauses provided to Huron for processing, stored or processed under lawful contract or otherwise.

      Information that is freely available or accessible in public domain shall not be regarded as Sensitive Personal Data.

      Your India Privacy Rights

      If you are visiting the website from India or where applicable India data protection laws so provide, you may exercise the following rights regarding your Personal Data and Sensitive Personal Data:

      • Access. You have the right to obtain from, access, and review the Personal Data and Sensitive Personal Data Huron has collected about you.
      • Rectification. You have the right to request the rectification of inaccurate Personal Data and Sensitive Personal Data when feasible.
      • Right to refuse or withdraw consent. Please note that in case we ask for your consent to certain collection and use of your Personal Data or Sensitive Personal Data, you are free to refuse to give consent and you can withdraw your consent.

      You may also revoke your consent for processing of your Personal Data. If you wish to object to the use and processing of your Personal Data or withdraw consent to this Privacy Statement, you can contact us in the following ways:

      Online Form: Exercising Your Privacy Rights

      Email: privacy@hcg.com

      Call us: 1-866-229-7219 (toll free) and ask for Huron’s Chief Privacy Officer

      Write us:

      Huron Consulting Group Inc.
      Attn: Chief Privacy Officer
      550 W Van Buren St, Chicago IL 60607

      The requests above will be considered and responded to in the time-period stated by applicable law. Note, certain Personal Data may be exempt from such requests. We may require additional Personal Data from you to confirm your identity in responding to such requests.

      You have the right to lodge a complaint with the supervisory authorities applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly. Please contact us at:

      Email: privacy@hcg.com

      Call us: 1-866-229-7219 (toll free) and ask for Huron’s Chief Privacy Officer

      Write us:

      Huron Consulting Group Inc.
      Attn: Chief Privacy Officer
      550 W Van Buren St, Chicago IL 60607

      Lawful Basis for Processing Your Personal Data

      We will only collect, use, and disclose your Personal Data or Sensitive Personal Data with your consent or when there is a lawful basis for such activities. Some lawful bases may include:

      • Processing on the basis of performance of a contract. Examples of situations in which we process Personal Data as necessary for performance of a contract include e-commerce transactions in which you purchase a service from us.
      • Processing on the basis of consent. Examples of processing activities for which we may use consent as its legal basis include: (i) collecting and processing precise location information from your electronic device; (ii) sending promotional emails when consent is required under applicable law; and (iii) processing Personal Data on Huron Services through cookies and similar technologies when consent is required by applicable law.
      • Processing for Employee Management. Examples of processing activities for employee management may include activities related to recruitment, hiring, management of employee benefits, and termination of employees.
      • Processing because we are under a legal obligation to do so. Examples of situations in which we must processes Personal Data to comply with our legal obligations include: (i) providing your Personal Data to law enforcement agencies and other governmental bodies when required by applicable laws; (ii) retaining business records required to be retained by applicable laws; and (iii) complying with court orders or other legal process.

      Retention

      We will retain your Personal Data or Sensitive Personal Data for as long as required to fulfill the purpose for its collection and use, or for as long as required by law.

      Regardless of our reason for retaining your Personal Data, we delete all Personal Data in accordance with our routine record keeping policies.

    • Additional Information for Individuals Located in Europe

      Supplemental Information for Individuals Located in Europe

      This supplemental section of Huron's Privacy Statement is directed at and applies to individuals located in the European Union ("EU"), United Kingdom ("UK"), Switzerland, or where applicable EU data protection laws (e.g., the General Data Protection Regulation ("GDPR"), Data Privacy Framework ("DPF") and the UK Data Protection Act 2018) apply.

      Table of Contents:

      International Transfers of Your Personal Data

      As provided in the Privacy Statement and Data Privacy Framework Statement, Huron collects various forms of Personal Data for various purposes.

      By using the website or providing Personal Data to Huron, your Personal Data may be transferred to the United States, where Huron is headquartered, or to other Huron locations where we carry out our support activities. Your country's laws governing data collection and use may differ from those in the United States or other Huron locations. Some of the entities with whom we share your Personal Data, as described above in the Privacy Statement, are also located in countries whose laws have not been deemed by the European Commission to provide the same level of protection to your Personal Data. Only a small number of countries have been officially recognized by the European Commission as providing an adequate level of protection (list available here). Transfers to Huron entities and others located in countries outside the European Economic Area ("EEA"), UK, or Switzerland take place on the basis of an adequacy finding by the relevant authority (i.e., European Commission, Swiss Federal Data Protection and Information Commissioner ("FDPIC"), UK Information Commissioner's Office ("ICO") or other competent supervisory authority), EU Standard Contractual Clauses (or other standard contractual clauses approved by a competent supervisory authority), or other appropriate GDPR or applicable law derogations, including the EU-U.S. Data Privacy Framework, Swiss-US Data Privacy Framework, and UK Extension to the EU-U.S. Data Privacy Framework.

      Data Privacy Framework Statement

      This Data Privacy Framework Statement ("DPF Statement"), and the sections that follow, describe Huron's standards and procedures when handling Personal Data transferred from the European Economic Area ("EEA"), the United Kingdom (and Gibraltar) and Switzerland to the U.S. in accordance with Huron's obligations under the Data Privacy Framework. This statement supplements our Privacy Statement, and the terms in this DPF Statement have the same meaning as in our Privacy Statement. If there is any conflict between the terms in this Privacy Statement and the Data Privacy Framework Principles related to Personal Data transferred in reliance on our Data Privacy Framework certification, the Data Privacy Framework Principles shall govern.

      Huron complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Huron has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of Personal Data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. To learn more about the EU-U.S. and Swiss-U.S. Data Privacy Frameworks and the UK Extension and view our certification, please visit https://www.dataprivacyframework.gov/.

      Huron entities and subsidiaries that adhere to the DPF principles:

      • Innosight Consulting, LLC
      • Huron Transaction Advisory LLC
      • Huron Consulting Services LLC
      • Huron Managed Services LLC
      • Huron Public Finance Advisory LLC

      The Federal Trade Commission has jurisdiction over Huron’s compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

      Notice

      The foregoing information, in addition to the Privacy Statement, further outlines Huron's commitment to compliance with the DPF Principles and provide you notice of specific information pertinent to you under the Data Privacy Framework.

      Choice

      You have the opportunity to opt out if your Personal Data is (i) to be disclosed to a third party or (ii) to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals. Where use or transfer involves sensitive information, you must opt-in before Huron will use or transfer such information.

      Accountability for Onward Transfer for Personal Data

      Huron may transfer Personal Data for the purposes described in the Huron Privacy Statement to a third party as a data controller or as an agent. In such an event, Huron will comply with and protect Personal Data as provided for in the Accountability of Onward Transfer Principle of the Data Protection Framework. Huron remains responsible for the processing of Personal Data received under the Data Protection Framework and then transferred to a third party acting as an agent if that party processes Personal Data in a manner inconsistent with the Data Protection Framework and its principles, unless Huron demonstrates that we are not responsible for the event resulting in damage.

      Security

      Huron takes reasonable and appropriate measures to protect Personal Data and takes into account the risks involved in processing and the nature of the Personal Data it maintains, in order to protect against loss, misuse, and unauthorized access, disclosure, alteration and destruction.

      Data Integrity and Purpose Limitation

      Any Personal Data Huron collects may be used for the purposes indicated below or in our Privacy Statement or otherwise notified to you. We will not process Personal Data in a way that is incompatible with these purposes unless authorized by you.

      The lawful basis for our processing of your Personal Data will depend on the purposes of the processing. For most Personal Data processing activities covered by this Privacy Statement, the lawful basis is that the processing is necessary for our legitimate business interests. Where we process Personal Data in relation to a contract, or a potential contract, with you, the lawful basis is that the processing is necessary for the performance of our contract with you or to take steps at your request prior to entering into a contract. If we are required to share Personal Data with law enforcement agencies or other governmental bodies, we do so on the basis that we are under a legal obligation to do so. We will also use consent as the legal basis where we deem appropriate or to the extent required by applicable law, for example, before we collect precise location data from your electronic device.

      Depending on what Personal Data we collect from you and how we collect it, we may also rely on various grounds for processing your Personal Data, including the following reasons:

      • Processing on the basis of legitimate business interests. When we process Personal Data on the basis that the processing is necessary for our legitimate business interests, such interests include: (i) providing, improving, and promoting our Services; (ii) communicating with current and potential customers, other business partners, and their individual points of contact; (iii) managing our relationships with our customers and other business partners, and their individual points of contact; (iv) other business development purposes; (v) sharing information within Huron, as well as with service providers and other third parties; and (vi) maintaining the safety and security of our products, Services, and employees, including fraud protection.
      • Processing on the basis of performance of a contract. Examples of situations in which we process Personal Data as necessary for performance of a contract include e-commerce transactions in which you purchase a service from us.
      • Processing on the basis of consent. Examples of processing activities for which we may use consent as its legal basis include: (i) collecting and processing precise location information from your electronic device; (ii) sending promotional emails when consent is required under applicable law; and (iii) processing Personal Data on Huron Services through cookies and similar technologies when consent is required by applicable law.
      • Processing because we are under a legal obligation to do so. Examples of situations in which we must processes Personal Data to comply with our legal obligations include: (i) providing your Personal Data to law enforcement agencies and other governmental bodies when required by applicable laws; (ii) retaining business records required to be retained by applicable laws; and (iii) complying with court orders or other legal process.

      If the processing of your Personal Data is based on your consent, the GDPR and Data Protection Act 2018 also allow users the right to access, revoke, or modify your consent at any time. Please see Contact Us, below, to review or modify your consents.

      Retention

      We will retain your Personal Data for as long as needed for the purposes described in this Privacy Statement. More specifically, the time we maintain your Personal Data depends on the following factors:

      Whether we need the Personal Data to provide the Services. We will maintain any data needed to provide you with the Services, such as contact information and payment or transaction information, for as long as needed for us to provide you with the Services, respond to your questions and requests, and/or administer your account (if applicable).

      • Whether we need the Personal Data to comply with our legal obligations. We may have legal obligations to maintain your Personal Data where a legal or regulatory body may ask for it in the future, for example in response to a data subject request or complaint. This information may include contact information and location information.
      • Whether we need the Personal Data for a legitimate business interest. We may store Personal Data like contact information, cookies, and location information in order to perform analytics, troubleshoot errors, or improve our Services. In any event, we delete the Personal Data when it is no longer needed for our legitimate interest.

      Regardless of our reason for retaining your Personal Data, we delete all Personal Data in accordance with our routine record keeping policies.

      Access

      If you are visiting the website from the EU, UK, or Switzerland or where applicable EU data protection laws so provide, you may exercise the following rights regarding your Personal Data:

      Access. You have the right to obtain from us confirmation if your Personal Data is being processed and certain information in this regard.

      Rectification. You have the right to request the rectification of inaccurate Personal Data and to have incomplete data completed.

      Objection. You have the right, when we process Personal Data on the grounds of legitimate interests, to object to the processing of your Personal Data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing. In addition, you have the right to object at any time where your Personal Data is processed for direct marketing purposes.

      Portability. You may receive your Personal Data that you have provided to us in a structured, commonly used, and machine-readable format and have the right to transmit them to other data controllers without hindrance. This right only exists if the processing is based on your consent, or a contract and the processing is carried out by automated means.

      Restriction. You may request to restrict processing of your Personal Data (i) while we verify your request – if you have contested the accuracy of the Personal Data about you which we hold; (ii) if the processing is unlawful and you oppose the erasure of it and request restriction instead; (iii) if we no longer need it, but you tell us you need it to establish, exercise, or defend a legal claim; or (iv) while we verify your request if you have objected to processing based on public or legitimate interest.

      Erasure. You may request to erase your Personal Data if it is no longer necessary for the purposes for which we have collected it, you have withdrawn your consent and no other legal grounds for the processing exists, you objected and no overriding legitimate grounds for the processing exist, the processing is unlawful, or erasure is required to comply with a legal obligation.

      Right to lodge a complaint. You also have the right to lodge a complaint with a supervisory authority, in particular in the jurisdiction of your residence, or the location where the issue that is the subject of the complaint occurred.

      Right to refuse or withdraw consent. Please note that in case we ask for your consent to certain processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences. The lawfulness of any processing of your Personal Data that occurred prior to the withdrawal of your consent will not be affected.

      You may also revoke your consent for processing of your Personal Data. If you wish to object to the use and processing of your Personal Data, withdraw consent to this Privacy Statement, or exercise any of the above European Privacy Rights you can contact us in the following ways:

      Online Form: Exercising Your Privacy Rights

      Email: privacy@hcg.com

      Call us: 1-866-229-7219 (toll free) and ask for Huron's Chief Privacy Officer

      Write us:

      Huron Consulting Group Inc.
      Attn: Chief Privacy Officer
      550 W Van Buren St
      Chicago IL 60607

      The requests above will be considered and responded to in the time period stated by applicable law. Note, certain Personal Data may be exempt from such requests. We may require additional Personal Data from you to confirm your identity in responding to such requests.

      You have the right to lodge a complaint with the supervisory authorities applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly. Please contact us at:

      Email: privacy@hcg.com

      Call us: 1-866-229-7219 (toll free) and ask for Huron's Chief Privacy Officer

      Write us:

      Huron Consulting Group Inc.
      Attn: Chief Privacy Officer
      550 W Van Buren St
      Chicago IL 60607

      Recourse, Enforcement and Liability

      In compliance with the Data Privacy Framework, Huron is committed to resolving complaints related to the DPF and our collection or use of Personal Data. If you are in the EU, UK or Switzerland and have a complaint regarding our processing of your Personal Data, please contact us.

      Furthermore and in compliance with the Data Privacy Framework, Huron will refer, at no cost, unresolved complaints concerning our handling of Personal Data received to the alternative dispute resolution services offered by JAMS, as our U.S.-based independent recourse mechanism. The website for submitting complaints that have not been resolved directly by Huron can be found here. Individuals covered by the Data Privacy Framework may seek binding arbitration for limited types of claims. For additional information about the Data Privacy Framework arbitration process, please visit the Data Privacy Framework website at Data Privacy Framework Arbitration.

      EU Representative

      VeraSafe has been appointed as Huron's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to Huron's Chief Privacy Officer (available at privacy@hcg.com), only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.

      Alternatively, VeraSafe can be contacted at:

      VeraSafe Ireland Ltd.
      Unit 3D North Point House
      North Point Business Park
      New Mallow Road
      Cork T23AT2P
      Ireland

    • Additional Information for Individuals Located in Singapore

      Supplemental Information for Individuals Located in Singapore

      This supplemental section of Huron’s Privacy Statement is directed at and applies to individuals located in Singapore and subject to the Personal Data Protection Act 2012.

      Your Singapore Privacy Rights

      If you are visiting the website from the Singapore or where applicable Singapore data protection laws so provide, you may exercise the following rights regarding your Personal Data:

      Access/Receive. You have the right to obtain from Huron and review some of the Personal Data Huron has collected about you and be informed of the ways your Personal Data has been used or disclosed to organizations within a year before the date of request. The right to access your Personal Data may be limited if fulfillment of the right would:

      • Threaten the safety or physical or mental health of an individual other than the individual who made the request;
      • Cause immediate or grave harm to the safety or the physical or mental health of the individual who made the request;
      • Reveal Personal Data about another individual (unless the data was originally provided by you);
      • Reveal the identity of an individual who has provided Personal Data about another individual and the individual providing the Personal Data does not consent to the disclosure of his or her identity (unless the data was originally provided by you); or
      • Be contrary to the national interest.

      Huron is not required to include in your access request, information that is:

      • Opinion data kept solely for an evaluation purpose;
      • About any examination conducted by an education institution, examination scripts and, prior to the release of examination results, examination results;
      • Personal Data which is subject to legal privilege;
      • Personal Data which, if disclosed, would reveal confidential commercial information that would, in the opinion of a reasonable person, harm the competitive position of the organization;
      • Personal Data collected or created by a mediator or arbitrator in the conduct of a mediation or arbitration;
      • The Personal Data was collected as part of an evaluation of privacy risks as outlined in Schedule 1, Section 3 of the Personal Data Protection Act; or
      • The request is for Personal Data that cannot be found/does not exist, the request would unreasonably interfere with Huron’s operations, or it would be frivolous or expensive to the point that it outweighs the requestor’s interest.

      Correction. You have the right to request the correction of inaccurate Personal Data when feasible. When Huron corrects Personal Data per your request, it will with your consent send the corrected data to third parties to which the Personal Data has been disclosed in the previous year. If Huron does not agree to make the correction, it will annotate the Personal Data with the request.

      The right to correct does not apply to data that Huron collects, when:

      • It is opinion data kept solely for an evaluation purpose;
      • It is data kept for any examination conducted by an education institution, examination scripts and, prior to the release of the examination results, examination results; or
      • It is derived Personal Data.

      Right to withdraw consent. Please note that in the event we ask for your consent, you have the right to withdraw consent of Huron’s collection, use or disclosure of your Personal Data. We will inform you of possible consequences for withdrawing consent. The ability to withdraw consent may be limited by Huron’s requirements to retain your Personal Data or to comply with applicable law.

      If you wish to withdraw consent to this Privacy Statement, you can contact us in the following ways:

      Online Form: Exercising Your Privacy Rights

      Email: privacy@hcg.com

      Call us: 1-866-229-7219 (toll free) and ask for Huron’s Chief Privacy Officer

      Write us:

      Huron Consulting Group Inc.
      Attn: Chief Privacy Officer
      550 W Van Buren St, Chicago IL 60607

      The requests above will be considered and responded to in the time-period stated by applicable law. Note, certain Personal Data may be exempt from such requests. We may require additional Personal Data from you to confirm your identity in responding to such requests.

      You have the right to lodge a complaint with the supervisory authorities applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly. Please contact us at:

      Email: privacy@hcg.com

      Call us: 1-866-229-7219 (toll free) and ask for Huron’s Chief Privacy Officer

      Write us:

      Huron Consulting Group Inc.
      Attn: Chief Privacy Officer
      550 W Van Buren St, Chicago IL 60607

      Retention

      We will retain your Personal Data or for as long as required to fulfill the purpose for its collection and use, or for as long as required by law.

      When you have made a request to receive your Personal Data, and Huron has refused the request, Huron will preserve for the required period of time, a copy of the Personal Data concerned.

      Regardless of our reason for retaining your information, we delete all Information in accordance with our routine record keeping policies.

 

Exercising Your Data Subject Rights

To exercise data subject rights, please submit a verifiable consumer request to us via the methods described below. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data, or an authorized representative; and
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

To help protect your privacy and maintain security, if you request access to or deletion of your Personal Data, we will take steps and may require you to provide certain Personal Data to verify your identity before granting you access to your Personal Data or complying with your request. In addition, if you ask us to provide you with specific pieces of information, we may require you to sign a declaration under penalty of perjury that you are the consumer whose Personal Data is the subject of the request. Only you or your authorized agent may make a verifiable consumer request related to your Personal Data. If you designate an authorized agent to make a request on your behalf, we may require you to provide the authorized agent written permission to do so and to verify your own identity directly with us (as described above). You may also make a verifiable consumer request on behalf of your minor child. To exercise data subject rights, please submit a verifiable consumer request to us via the methods described below:

Online Form: Exercising Your Privacy Rights

Email at privacy@hcg.com

Call: 1-866-229-7219 (toll free) and ask for Huron’s Chief Privacy Officer

Send mail addressed to:

Huron Consulting Group Inc.
Attn: Chief Privacy Officer
550 W Van Buren St, Chicago IL 60607

You may only make a consumer request for access or data portability twice within a twelve (12) month period.

 

Contact Us

We have taken great measures to ensure that your visit to our website and your interactions with Huron are satisfying and that your privacy is respected. Unless otherwise stated, Huron is a business and data controller for Personal Data processed subject to this Statement. Because Huron is a professional services firm focused primarily on serving other businesses, Huron is a service provider and data processor to our clients for Personal Data that belongs to the data subjects and consumers who are associated with those clients.

If you have any questions, comments or concerns about our privacy practices, please contact us by:

Email at privacy@hcg.com

Call: 1-866-229-7219 (toll free) and ask for Huron’s Chief Privacy Officer

Send mail addressed to:

Huron Consulting Group Inc.
Attn: Chief Privacy Officer
550 W Van Buren St, Chicago IL 60607

© 2012-2023 Huron Consulting Group Inc. and its subsidiaries

All rights reserved.

Effective Date: June 2024.