Privacy Statement

Updated: February 9, 2021

 

Your privacy is important to us. This Online Privacy Policy (“Privacy Statement”) explains online information practices and your related choices.

 

This Privacy Statement applies to ThinkBig and its affiliates, subsidiaries, trusted business partners or alliances, agents, third-party suppliers or newly acquired companies (also referred to below as “we”, “us” and “our”) websites, and any of our other websites that display this Privacy Statement, and the services available through our websites. Some of our websites may include additional or different privacy statement.

 

This Privacy Statement and its sub-pages is intended to disclose our general privacy and data processing practices, where we collect personal data gathered (1) through use of our websites or mobile apps that post, display or link to this Privacy Statement (“Sites”), (2) through downloadable applications accessed from mobile devices with respect to which this Privacy Statement is posted or linked (“Mobile Apps”), (3) from individuals who engage regarding our or our clients services or individuals within our clients’, business partners’, suppliers’ and other organizations with which we have or contemplate a business relationship (“Services”), or (4) by any other mode of interacting with you relating to our communications, such as online or offline newsletters and magazines (“Communication”) as referenced in this Privacy Statement.

 

We also have implemented global policies, along with standards and procedures, for our consistent handling, sharing and protecting personal data. Some of our other websites may include additional or different privacy statements, and if a different privacy statement applies, we will disclose this to you.

 

This Privacy Statement covers the following areas:
 

1.    Information collection

1.1  We may collect information, including personal data, that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with our existing or potential employees, clients, client constituents or customers, business contacts, strategic alliances, suppliers, and Site users. 

 

1.2  Generally, we collect the below-mentioned information and personal data categories. If the data we collect are not listed in this Privacy Statement, we will give individuals, when required by law, appropriate notice of which other data we will collect and how we will use the data. 

 

1.3  Except for certain information that is required by law, your decision to provide any personal data to us is voluntary. You will therefore not be subject to adverse consequences if you do not wish to provide us with your personal data. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this Privacy Statement, and you may not be able to use certain tools and systems which require the use of such personal data.

 

1.4  Personal data excludes: publicly available information from government records, deidentified or aggregated information, and automated non-identifiable data that cannot be linked back to an individual.

 

2. Information sources

 

2.1  We may collect personal data either directly from you or indirectly from certain third parties (e.g., affiliates, public authorities, public websites and social media, suppliers and vendors) when you:

 

a. access our Services.

 

b. provide personal data by filling in Site forms (e.g., registering an online account, subscribing to Services, newsletters and alerts, registering for a conference or requesting further information).

 

c. submit our online forms or communicate with us on email.

 

d. submit reviews or participate in surveys.

 

e. upload or post any comments or other content to our Sites, on social media, or blogs.

 

f. interact with us on social media.

 

g. sign up for our mailing lists, register for events we host or sponsor, submit information as part of certain online Services, or otherwise provide us information through the Sites.

 

h. participate in a webinar or related event.

 

i. use our Site for online career resources.

 

j. are an individual employee or constituent of our clients and other companies with which we have an existing business relationship.

 

k. have information on public sources, including, for example, content made public at social media websites.

 

 

3. Purposes, legal basis and use

 

3.1  We may use, sell or disclose the personal data we collect only where one or more of the below outlined principal legal grounds and specific business purpose justifications exist.

 

3.2  Where the above table states that we rely on our legitimate interests for a given purpose, it is our understanding that our legitimate interests are not overridden by your interests, rights or freedoms, given (i) the transparency we provide on our data processing activities, (ii) our data protection by design and default approach, (iii) our routine data protection reviews, and (iv) the rights you have in relation to our data processing activities.

 

3.3  We will process your personal data for the above referenced purposes based on your prior consent, to the extent such consent is mandatory under applicable laws.

 

3.4  To the extent you are asked to click on/check “I accept”, “I agree” or similar buttons/checkboxes/functionalities in relation to a privacy statement, we will consider this step as you providing your consent for us to process your personal data, only in the countries where such consent is required by regulations. In all other countries, such action will be considered as a mere acknowledgement. The legal basis of the processing of your personal data will not be your consent but any other above applicable legal basis.

 

3.5  We will not collect or use additional personal data categories we collect for materially different, unrelated, or incompatible purposes without providing you notice or, as applicable, your consent; unless it is required or authorized by law, or it is in your own or another person’s vital interest (e.g., in case of a medical emergency) to do so.

 

4. Data recipients

 

4.1  Personal data collected in the course of our activities, including in connection with some client services, as well as on the Sites may be shared with:

 

a. our subsidiaries or affiliates, clients and strategic alliances on a need-to-know and authorized basis.

 

b. our trusted suppliers or service providers, professional advisors or other third parties on a need-to-know and authorized basis that is necessary for the purposes for which such access is granted and in connection with an existing or potential corporate or commercial transaction. For example, to provide services related to the Sites, our business activities, including in connection with some client services, in the manner agreed upon in our client services agreements, or supporting our interactions with you, including, for example, processing recruitment materials, administering surveys or contests, or communicating with you. When disclosing personal data to third parties, we take into account third parties’ data handling processes, and require these third parties to maintain privacy and security processes designed to ensure that their personal data processing activities are consistent with this Privacy Statement and safeguards the confidentiality, availability and integrity of personal data they process on our behalf.

 

c. with prospective or actual purchasers, or sellers on a need-to-know and authorized basis in the event of a sale, merger, joint venture, reorganization, assignment or other transfer or disposition of all or any portion of our business. It also is our practice to require appropriate protection for personal data under each commercial transaction.

 

d. with government agencies pursuant to a judicial proceeding, court order, or legal process.

 

4.2  We may make certain non-personal data available to third parties for various purposes, including for business or marketing purposes or to assist third parties in understanding our users’ interest, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and functionality available through the Service. We will not intentionally disclose (and will take reasonable steps to prevent the unauthorized or accidental disclosure of) your personal data you to any third parties for their own direct marketing use.

 

5. International transfers

 

5.1  As a global organization offering a wide range of Services, with business processes, management structures and technical systems that cross borders, some of our disclosures may involve the transfer of personal data to countries or regions where the local law may grant you fewer rights than you have in your own country. We have designed this Privacy Statement and our practices to provide a globally consistent level of protection for personal data all over the world. This means that before we transfer personal data to those areas, we will take the necessary steps to ensure that your personal data will be given adequate protection as required by applicable data protection, the below section 11.2 (“EEA and Switzerland special notices”).

 

6. Direct marketing

 

6.1  As noted, we may send periodic promotional emails to you, and where required by law, we will obtain your consent to do so. You may opt out of such communications at any time by following the opt-out instructions contained in the email or the instructions in the below section 14. If you opt out of receiving emails about recommendations or other information we think may interest you, we may still send you emails about your account or any Services you have requested or received from us.

 

7. Cookies, beacons, tags and other technologies

 

7.1  We use cookies, web beacons and other technologies on our Sites in order to collect the information described above in “Automatically-collected Information” under above section 1.2, and also to remember your settings and for authentication.

 

a. Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site, while others are used to enable a faster log-in process or to allow us to track your activities while using our Site. Most web browsers automatically accept cookies, but, if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether.

 

b. Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (also referred to as web beacons, web bugs or pixel tags), in connection with our services to, among other things, track the activities of users of our services, help us manage content, and compile statistics about usage of our services. We and our third party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, to identify when our emails are viewed, and to track whether our emails are forwarded.

 

c. Log files. Most browsers collect certain information, such as your IP address, device type, screen resolution, operating system version, and Internet browser type and version. This information is gathered automatically and stored in log files.

 

d. Third party analytics. We also use automated devices and applications, such as Google Analytics (more info here) to evaluate the use of our services. We use these tools to gather non-personal data about users to help us improve our services and user experiences. These analytics providers may use cookies and other technologies to perform their services, and may combine the information they collect about you on our Sites with other information they have collected for their own purposes. This Policy does not cover such uses of data by third parties.

 

e. Do-not-track signals. Our Site does not respond to do-not-track signals. For more information about do-not-track signals, please click here. You may, however, disable certain tracking as discussed above (e.g., by disabling cookies) and as set out in our Cookie Policy.

 

7.2  You can manage the use of cookies through your browser. You may still use our Site if you reject cookies, but it may limit your ability to use some areas of our Site or otherwise diminish your experience of the Site. You can learn more about cookies at our Cookie Policy.

 

8. Third party websites and links

 

8.1  Our Sites may contain links or embed third-party applications to third party websites that are governed by their own terms and privacy statements. We may provide links to these third-party sites for your convenience and informational purposes only. For example, these links may allow you to interact with sites on which you may have accounts (such as Facebook and other social media sites) or join communities on sites that allow you to login, post content, or join communities from our Sites.

 

8.2  Third-party apps and websites have their own privacy statements and disclosures, which we encourage you to read before interacting with such third-party websites or providing information on or through them. If you follow a link to any of those third-party websites, please note that we do not accept any responsibility or liability for their policies, or processing of your personal data. We are not responsible for the content, accuracy of, or cookies set by any third-party linked site that is not operated by or on behalf of us or for any other links contained in such third-party sites. The inclusion of any link to a website not owned by us is not an endorsement by us of the site or its contents or accuracy and does not suggest that the opinions expressed on a third-party site are representative of our views or opinions.

 

8.3  We assume no responsibility or liability for any links to our Sites from another party’s website. You may post a link to any portion of the Site without prior written permission. However, any such links must not use framing techniques or in any way represent the Site or its content as being connected with another organization. In addition, you may not use any meta tags or hidden text in your website that incorporate our name or the names of any of our affiliates, subsidiaries, businesses, programs, or services.

 

 

9. Children’s privacy protection

 

9.1  We are committed to protecting children’s privacy online.

 

9.2  Our Sites are not intentionally designed for or directed at children under the age of 13 in the U.S and 16 in California or EEA, and requires no such information be submitted to us. We will not knowingly or intentionally collect, store, use, or share, personal data of children anyone children under the age of 13 in the U.S and 16 in in California or EEA without prior documented parental or guardian consent.

 

9.3  If you are under the age of 13 in the U.S and 16 in California or EEA, please do not provide any personal data, even if prompted by the Site to do so. If you are under the age of 13 in the U.S and 16 in California or EEA and you believe you have provided personal data to us, please ask your parent(s) or guardian(s) to notify us and we will delete all such personal data.

 

9.4  If we become aware that we have inadvertently received personal data from a user under the age of 13 in the U.S and 16 in California or EEA, we will delete these data from our records.

 

 

 

10. California residents’ special notices

 

In addition to the information provided in this Privacy Statement, the below information applies if you are a California resident.

 

10.1  Disclosures of California Residents’ Personal Information for a Business Purpose. In the preceding twelve (12) months, we have disclosed the following categories of Personal Information for a business purpose:

 

10.2  Sales of Personal Information. In the preceding twelve (12) months, we have sold the following categories of Personal Information:

 

10.3  Information excluded from the CCPA’s scope, like:

 

a. health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;

 

b. personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

 

 

11. EEA and Switzerland residents’ special notices

 

In addition to the information provided in this Privacy Statement, the below information applies if you are located in the EEA or Switzerland.

 

11.1  In addition to the information provided in this Privacy Statement, where we transfer personal data from inside the European Economic Area (EEA) to outside the EEA, we are be required to take specific measures to safeguard the relevant personal data.

 

11.2  Unless you are otherwise notified, any transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on applicable data protection legislation, an adequacy decision (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), or are governed by the model contractual clauses approved by the EU Commission, or similar contractual clauses in other jurisdictions to provide appropriate safeguards and an adequate level of protection for personal data. This includes transfers to suppliers or other third parties. You can request a copy of the EU model contractual clauses here. Any other non-EEA related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards.

 

11.3  Please Contact Us as set out below in section 16 if you would like to see a copy of the specific safeguards applied to the export of your personal data.

 

11.4  Please Contact Us for a data subject access request form (DSAR) exercise your rights.

 

Back to top

 

 

12. Retention

 

12.1  We retain relevant personal data as long as necessary to meet the criteria outlined in above section 1.2.

 

12.2  We retain personal data about unsuccessful candidates/applicants for 12 months following submission in the U.S., Canada, and Brazil, and for 6 months in Europe and Asia.

 

13. Personal data accuracy, privacy and security

 

13.1  We intend to maintain personal data accuracy, completeness, current status, and security. In the event of changes in your personal data, you may inform us to make sure that our information is up-to-date.

 

13.2  We implement commercially reasonable physical, administrative and technical safeguards to help us protect the confidentiality, security, and integrity of your personal data and prevent the loss, misuse, unauthorized access, unauthorized interception, or information alteration. For example, we take appropriate measures to make sure that the personal data you provide is stored on computer servers in controlled, secure environments.

 

13.3  All of our partners, employees, consultants, workers and data processors (i.e., those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal data, are obliged to respect the confidentiality of such personal data.

 

13.4  Your choice to disclose personal data in an email submission or online form is voluntary. Unfortunately, no data transmission over the Internet is 100% secure. While we strive to protect your personal data, we cannot ensure or warranty the security of any such personal data or fully ensure that your private communications and other personal data will not be inadvertently disclosed to third parties by us or its business partners, agents, subcontractors, or other third-party vendors. Although we take commercially reasonable precautions to maintain the security of our Sites and servers, third parties may unlawfully intercept or access transmissions or private communications.

 

 

14. Your rights and choices

 

14.1  California Residents.

 

a. California residents have the below additional specific rights regarding their personal data. This section describes California residents’ California Consumer Privacy Act (CCPA) rights and explains how to exercise those rights.

 

b. We may deny your deletion request if any of the below exceptions require that we retain the information for us or our service providers to:

 

·       Complete the transaction for which we collected the personal data, provide Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

 

·       Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

 

·       Debug products to identify and repair errors that impair existing intended functionality.

 

·       Exercise free speech, ensure the right of another individuals to exercise their free speech rights, or exercise another right provided for by law.

 

·       Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).

 

·       Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.

 

·       Enable solely internal uses that are reasonably aligned with individual’s expectations based on your relationship with us.

 

·       Comply with a legal obligation.

 

·       Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 

 

14.2  EEA and Switzerland residents

 

a. Individuals located in the EEA and Switzerland have the below additional specific rights regarding their personal data. This section describes your rights and explains how to exercise those rights.

 

 

14.3  Exercising Access, Data Portability, and Deletion Rights

 

a. General. You may, at any time, exercise your right to decline to supply certain information while using our Sites. Please bear in mind that you, however, may not be able to access certain content or participate in some features on our Sites. If you tell us that you do not want us to use your information to make further contact with you beyond fulfilling your request, we will respect your wishes.

 

b. Marketing. You may, at any time, exercise your right to prevent us from sharing marketing materials with you by checking certain boxes on our forms, utilizing the unsubscribe or opt-opt mechanisms in the emails we send you, indicating so when we call you, or use the Contact Us form on our Sites. For best results, please forward a copy of the mailing you received from us. In such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again.

 

c. Newsletters, messages and mailings. If you have subscribed to one or more of our newsletters or receive information from us via email or postal mail and would like to modify or cancel these mailings, please use the  Contact Us form on our Sites. For best results, please forward a copy of the mailing you received from us. In such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again.

 

d. Cookies. If you want to remove existing cookies from your device, you can implement those steps by using your browser options. If you want to block future cookies being placed on your device, you can change your browser settings to do this. When you review your browser settings or options, you can identify our cookies in the name. Unless you have adjusted your browser settings to block cookies, our system will issue cookies as soon as you visit our Sites or click a link in a targeted email we have sent you, even if you have previously deleted our cookies. Please bear in mind that deleting and blocking cookies will have an impact on your user experience as parts of the Site may no longer work. For more information on managing cookies, see 

 

e. Data Subject Access Requests. You may exercise your rights to access, data portability, and deletion rights by contacting us through our Contact Us form.

 

f. Legitimate Interest or Legal Obligation Exceptions. Please note that some of the above rights may be limited where we have an overriding legitimate interest or legal obligation to continue to process the personal data, or where the personal data may be exempt from disclosure due to applicable law.

 

 

 

15. Notification of our privacy statement changes

 

15.1  We may make changes to this Privacy Statement from time to time, to reflect changes in our practices. We also may make changes as required to comply with changes in applicable law or regulatory requirements. Where we materially change this Policy, we will take steps to notify you (such as by posting a notice on the Site or via email), and where required by applicable law to obtain your consent.

 

 

16. Privacy questions and how to Contact Us 

 

16.1  Please click Contact Us  I or share by writing to the below contact information if you:

 

a. have questions about this Privacy Statement, how we process or protect your personal data.

 

b. have questions regarding exercising your personal data rights under, as example, the DSAR as outlined in the above sections.

 

c. like a copy of the full version of our data protection policy.

 

d. wish to make a complaint about our use of your personal data.

 

e. have questions or concerns about this Privacy Statement, our Sites or email marketing practices.

 

 

Please note that no permission is granted for you to use our logo, icons, or content. You must obtain our prior written permission to post additional graphic or textual material along with your link to our Sites.