Duff & Phelps LLC, and all affiliates and subsidiaries, (collectively "D&P"), is committed to complying with the applicable data privacy and security requirements in the countries in which it operates.
D&P complies with various privacy laws globally and with internationally recognized standards of privacy protection, including, but not limited to, the European Union Data Protection Directive [95/46/EC].
D&P complies with the US-EU Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. D&P has certified that it adheres to the Privacy Shield Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between this policy and the Privacy Shield Privacy Principles, the Privacy Shield Privacy Principles shall govern. The US Federal Trade Commission has jurisdiction over D&P’s compliance with this Policy and the EU-US Privacy Shield Framework. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.
Collection and Use of Personal Data
We collect personal data that you choose to provide to us. If you choose not to provide certain information, we may not be able to provide you with some services and you may not be able to participate in some of the activities on our website(s).
We will not use your information in a manner that is incompatible with the purpose for which it was originally collected without your consent. D&P processes personal data for specific, limited, and legitimate business purposes. Examples of such purposes include, but are not limited to:
Personal Data relating to employees is collected and processed for human resources/employment purposes, including but not limited to: workforce management, administration of compensation, payroll, and benefits, administration of medical insurance, to evaluate job performance, to administer physical and information systems security as well as help desk support, business travel, training, and recruitment; for emergency contact purposes; to comply with legal, regulatory and corporate governance requirements related to the employment relationship.
Personal data about job applicants is collected and processed for purposes of screening, identifying and evaluating candidates for D&P positions; record-keeping related to hiring processes; analyzing the hiring process and outcomes; and conducting background checks, where and to the extent permitted by law. In addition, job applicant data may be used to comply with legal, regulatory and corporate governance requirements.
Personal Data relating to clients is collected from clients who provide it to us in connection with our provision of services to those clients. Client data is processed in the normal conduct of our business relationship with the client, to perform the services requested by and contracted with our clients.
The only personal data we collect for marketing purposes is the information that you choose to provide to us or information we gather when you send us an email.
We may send periodic communications to U.S. clients and contacts based on perceived interest. We may send periodic communications to contacts and clients outside the U.S. only if: the communication directly relates to the service Duff & Phelps is providing the contact; the individual explicitly requests inclusion from a Duff & Phelps professional; or the individual subscribes to communications via Duff & Phelps' online form.
Where you have consented when providing us with your details, we may also allow carefully selected third parties, including other companies in our group, to contact you occasionally about products and services that may be of interest to you. They may contact you by mail, telephone, fax or e-mail.
A user can unsubscribe from marketing communications at any time by sending a request via email to: firstname.lastname@example.org.
D&P may collect and use personal data that you provide for other purposes, which will be disclosed at the time we collect your data.
D&P Website Use
Automatic Information Gathering
Some information may automatically be collected as you browse our website(s), such as type of browser, operating system, domain name or IP address.
IP Address: An IP address is a unique number that is automatically assigned to your computer when connected to a network. Web servers automatically identify your computer by its IP address. When you visit a Duff & Phelps' website, our servers log your IP address. We may use third party vendors that link IP addresses to companies and customize the information shown on our website based on the type of company linked to an IP address.
Referrers: Duff & Phelps also collects information through "referrers" and various environmental variables. A "referrer" is information the Web browser passes along to Duff & Phelps' Web server that references the URL from which you came. "Environmental variables" include, among other things, the domain from which you access the Internet, the time you accessed our Web site, type of Web browser and operating system or platform used, the Internet address of the Web site you left to visit Duff & Phelps, the names of the pages you visit while at our Web site, and the Internet address of the Web site you then visit. We collect all of this information to allow us to detect broad demographic trends, to provide information tailored to your interests and to enhance your experience on Duff & Phelps' website. Duff & Phelps may store "referrer" information for a limited period of time prior to deleting this information.
Cookies: A cookie is a small amount of data, which often includes a unique identifier that is sent to your computer, tablet or mobile phone browser from a website's computer and is stored on your device's hard drive. The cookie has a unique ID assigned to your device, but does not contain any of your personal information like name or email address. Cookies record information about your online preferences and allow us to tailor our website to your interests. Website cookies will be used to track individual web activity only after the individual accepts cookie tracking from Duff & Phelps' website.
Profiling: To help us improve our website and to ensure that we make every effort to provide you with information and offers that are of interest to you, we may merge your personal data with click-stream data and other data we have (including cookies and offline data). We will provide notice of this, as well as an opportunity to opt-out of it, at the time and place of information collection and before data is entered on our system.
We may also develop a non-identifiable profile on you based on the pages within our site that you visit.
D&Ps’ website may contain links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to read the privacy statements of each and every Web site that they visit. This privacy statement applies solely to information collected when you visit our Web site.
Disclosure/Sharing of Personal Data
D&P may share your information with external third parties, such as vendors, consultants and other service providers who are performing certain services on behalf of D&P. Such third parties have access to Personal Data solely for the purposes of performing the services specified in the applicable service contract, and not for any other purpose. D&P requires these third parties to undertake security measures consistent with the protections specified in this Policy.
D&P may be required to disclose Personal Data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
If D&P’s business enters into a joint venture with or is merged with another business entity, your information may be disclosed to our new business partners.
Choices (Opt In/Opt Out)
Duff & Phelps provides individuals with notice and an opportunity to “opt-out” if such Personal Data is to be:
1. disclosed to a third party (other than a third party acting on behalf of D&P) or
2. used for a reason that is incompatible with the purposes for which it was originally collected.
D&P generally does not collect Sensitive Personal Data. For Sensitive Personal Data (i.e. personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sexual orientation of the individual), individuals will be given affirmative or explicit "opt-in" choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected.
Transfer of Personal Data
D&P will only transfer personal data we have collected from the EU to data controllers or processors located outside the EU where such countries provide for an adequate level of personal data protection, where the recipient is a member of the EU Privacy Shield or similar program, pursuant to contract terms ensuring adequate data protection, or pursuant to D&P’s participation in the EU Privacy Shield.
D&P will remain responsible for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf, unless D&P proves that it is not responsible in an event giving rise to damage.
Accuracy and Access
Individuals for whom D&P may have Personal Data are entitled to obtain confirmation of whether his/her personal data are being processed, access the information held, and ask us to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the laws.
D&P will make a good faith effort to provide access to requested data without undue delay, at the latest within one month. D&P reserves the right to limit or deny access to personal information where providing such information would be unreasonably burdensome or expensive or as otherwise permissible under relevant laws. If D&P determines that access cannot be provided in any particular instance, D&P will provide the individual requesting access with an explanation of why it has made that determination and a contact point for any further inquiries.
Individuals may request access as provided above via email to: DP.Privacy@duffandphelps.com.
D&P will retain Personal Data for a reasonable period of time, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period of time necessary to comply with state, local, federal regulations, or country specific regulations and requirements, and in accordance with D&P’s Document Retention Policy and Schedule.
D&P takes reasonable and appropriate measures to protect Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. We will permit only authorized employees, who are trained in the proper handling of personal information, to have access to that information. Employees who violate our security and privacy policies will be subject to our disciplinary process. We employ security measures to protect your information from access by unauthorized persons and against unlawful processing, accidental loss, destruction and damage.
QUESTIONS OR COMPLAINTS
Individuals may contact D&P with questions or complaints at the following email address: DP.Privacy@duffandphelps.com.
D&P will investigate and attempt to resolve any questions or complaints regarding the processing of personal data in accordance with this Policy.
ENFORCEMENT AND DISPUTE RESOLUTION
Individuals are encouraged to raise any complaints regarding the processing of Personal Data to D&P. For complaints that cannot be resolved between D&P and the complainant, D&P has agreed to participate in the dispute resolution procedures of the panel established by the European data protection authorities to resolve disputes pursuant to the EU Privacy Shield. Employees or other data subjects in the European Union who have not been able to resolve a complaint with D&P may contact the independent recourse mechanism listed below:
D&P will cooperate with the EU DPAs in the investigation and resolution of complaints brought under the Privacy Shield. D&P will comply with any advice given by the DPAs where the DPAs take the view that the organization needs to take specific action to comply with the Privacy Shield Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken.
If a dispute or complaint cannot be resolved by D&P nor by the EU Data Protection authorities, a data subject in the EU has the right to require that D&P enter into binding arbitration pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
For further information regarding the Policy, please contact Duff & Phelps at:
55 East 52nd Street
New York, NY 10055