North Highland Privacy Policy

North Highland recognizes that your privacy is important, and that you care about the information that is collected about you. We want you to feel secure when using northhighland.com. This online privacy statement provides an overview of our privacy and data protection practices, so that you can better understand the steps we take to safeguard your information. If you have further questions, please contact us.

1. About This Privacy Policy

This privacy policy sets out how and why North Highland collects and uses your personal data when you visit this website, including any data you may provide through this website. Our privacy policy as it relates to affiliates and employees is separately available.

2. Who We Are and Our Data Protection Officer

North Highland is made up of different legal entities, details of which can be found on this website. This privacy policy is issued on behalf of the North Highland Group so when we mention “North Highland”, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the North Highland Group responsible for processing your data. For all EU and UK data subjects, North Highland UK Limited is the data controller and responsible for this website.

North Highland is a global consulting firm with a twist. We bring big ideas and challenge the norm. We work with our clients, not at them. We deliver value in a way that others cannot, through our seamlessly integrated offerings.

We have appointed a Data Protection Officer for managing our data protection matters and fielding questions about this privacy policy. The contact details of our Data Protection Officer are set out below in the Contact Details.

3. The Types of Data We Collect and How We Collect It

Types of Data.  We collect, use, store and transfer different types of both personal and non-personal information through our website.

Personal data, or personal information means any information about an individual from which that person can be identified. It does not include data from which a person cannot be identified.

We may collect the following categories of personal data about you:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes  physical address, email address and telephone numbers.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Profile Data includes your username and password.
  • Usage Data includes information about how you use our website and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We may also collect the following categories of personal data from job applicants:

  • Identifiers and Demographic Data.  This includes data such as title, full name, gender, contact details, such as home and work address, phone number(s), email address(es), your geographic preferences for the location of employment, proof of eligibility to work and details of any work permit application, including biometric data.
  • Sensitive Data. This includes data like SSNs or performance reviews, etc. collected for business purposes. However, we will not collect, store, or use any sensitive information for purposes of inferring characteristics about you.
  • Professional or employment-related information. This includes information such as work history and prior employer information.
  • Non-public education information. This is information related to your academic credentials such as what school you went to, what your GPA was, what activities or sports you did in school, or other data on your school transcripts.

We may also collect, use and share non-personal information such as statistical data for any purpose. This non-personal information may be derived from your personal data but is not considered personal data as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature.

If we combine any non-personal information with your personal data so that you can be identified from it, we will treat the combined data as personal data which will be used and protected in accordance with this privacy policy.

How we collect data. We collect data in different ways through our website. You may provide us the data directly when you:

  • Register an account;
  • Request marketing to be sent to you;
  • Contact us; or
  • Apply for employment

Additionally, through the use of cookies  and similar technologies, we may automatically collect Technical Data about your equipment, browsing activity and patterns, and location. Please see the Cookies Policy .

We may also receive personal data about you from certain third parties and use it as follows:

   

Google Analytics

All affiliated first-party cookies are provided on our behalf by Google. These cookies assist with reporting user behavior, enable market research and aid in improving Site functionality. We use the data collected to improve the user experience on our website and enhance our website’s functionality. We may also use this data for ad targeting. You may opt out of these cookies at any time.

 

If you are not logged into your Google account, the information collected is not linked to personal data and instead uses anonymized unique identifier tied to the user’s browser, application or device you are using to view the website. If you are logged into your Google account, some additional information is collected—however, this is treated by Google as personal information and is not available in the Google Analytics platform.

Learn more about how Google manages your data.

You can stop Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on

Google also allows users to personalize their advertising settings.

LinkedIn

Twitter

Facebook

Terminus

Vidyard

We use data from social media platforms like LinkedIn, Twitter, and Facebook for audience targeting and ad targeting. We also use Terminus in conjunction with Salesforce data for more granular targeting. For more details on the user information gathered by these third parties, please review their individual privacy policies:

 

Pardot (Salesforce)

Some forms on our website are linked to Pardot and Salesforce. Pardot is a data collection and evaluation tool that allows us to gather pertinent information on potential and current clients. We use this data for lead generation and receive form completion data and some page view data, which is housed in Salesforce. We also use Pardot for email communication with opted-in clients and prospects. For more information on the data collected by Pardot and Salesforce, please view their privacy policy.

 

Phenom

BullHorn

TextUs

Daxtra

BullHorn Automation

Kyloe

Staffing, Application, Recruiting, and Hiring.

 

For job applicants, we may also receive personal information from independent third parties related to your eligibility for employment, or our ongoing management of our business.

 

4. What Happens If You Fail To Provide Personal Data to Us?

If you fail to provide personal data that we need to perform a contract with you or by law, then we may not be able to provide you with the service the contract relates to. We will notify you when this is the case.

5. Cookies

We may use cookies on our website. For more information on how we may use cookies and how you can use the My Cookie Preferences panel to disable or refuse cookies, please see our Cookie Policy.

6. How We Use Your Data - The Purposes and Lawful Grounds for Processing

Purposes and Lawful Bases. We will use your personal data only where we have a lawful basis for doing so. We process your personal data for a number of purposes. The lawful basis for processing your personal data will depend on the purpose for which it was obtained.  The table below sets out the purposes for which we may process your personal data and the relevant lawful basis/bases that allow for that processing:

Purpose of Processing 

Type(s) of Data 

Our Lawful Basis for Processing 

Managing our relationship with you. 

  • Identity Data. 
  • Contact Data. 
  • Profile Data. 
  • Necessary to comply with a legal obligation. 
  • To perform a contract with you.
  • Consent. 

To register you as a new customer/user. 

  • Identity Data.
  • Contact Data.
  • To perform a contract with you.
  • Consent. 

Marketing and promotions: 

  • Sending you marketing communications or newsletters.
  • Asking you to complete a survey or leave a review. 
  • To deliver relevant website content, advertisements, and information to you and measure or understand the effectiveness of the advertising we serve to you. 
  • To use data analytics to improve our website, services, marketing, customer relationships and experiences. 
  • To make suggestions to you about services that may be of interest to you. 
  • Identity Data. 
  • Contact Data. 
  • Profile Data. 
  • Usage Data. 
  • Marketing and Communications Data. 
  • Technical Data. 
  • Consent. 
  • Necessary for our legitimate interests to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy. 
  • Necessary for our legitimate interests to define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy. 
  • Necessary for our legitimate interests to develop our services and grow our business.

Recruiting and Employment:

  • Identity Data. 
  • Contact Data.
  • Profile Data. 
  • Usage Data. 
  • Technical Data. 
  • Consent. 
  • Necessary for our legitimate interests in recruiting and employment. 

 

Changes to the Purposes of Processing. We will only process your personal data for the purpose(s) for which we collected it. If we do need to use your personal data for a new purpose, we will notify you of this and explain the lawful basis we will be relying on.

Please be aware that we may process your personal data without your knowledge or consent where this is required or permitted by law.

 

7. Marketing

By using the ‘My Preferences’ tool you can control how we send you marketing communications. We will send you marketing communications if you have requested information from us or purchased services from us, or if you have provided us with your details when registering for a promotion, and in each case, where you have not opted out of receiving that marketing. 

As well as using the My Marketing Preferences tool, you can opt out of receiving marketing communications by following the opt-out or unsubscribe links on any marketing message sent to you or by contacting us at any time.

8. How We Share Your Personal Data and With Whom

We may need to share your information with certain third parties - these third parties are as follows:

  • Other companies in the North Highland Group acting also as controllers or processors and who are based UK and US, provide IT and system administration services and undertake leadership reporting.
  • Our suppliers acting as processors including: 

 

   

Google Analytics

 

All affiliated  first-party cookies are provided on our behalf by Google. These cookies assist with reporting user behavior, enable market research and aid in improving Site functionality. We use the data collected to improve the user experience on our website and enhance our website’s functionality. We may also use this data for ad targeting. You may opt out of these cookies at any time.

 

If you are not logged into your Google account,

the information collected is not linked to personal data and instead uses anonymized unique identifier tied to the user’s browser, application or device you are using to view the website. If you are logged into your Google account, some additional information is collected—however, this is treated by Google as personal information and is not available in the Google Analytics platform.

Learn more about how Google manages your data.

You can stop Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on

Google also allows users to personalize their advertising settings.

LinkedIn

Twitter

Facebook

Terminus

Vidyard

We use data from social media platforms like LinkedIn, Twitter, and Facebook for audience targeting and ad targeting. We also use Terminus in conjunction with Salesforce data for more granular targeting. For more details on the user information gathered by these third parties, please review their individual privacy policies:

 

Pardot (Salesforce)

Some forms on our website are linked to Pardot and Salesforce. Pardot is a data collection and evaluation tool that allows us to gather pertinent information on potential and current clients. We use this data for lead generation and receive form completion data and some page view data, which is housed in Salesforce. We also use Pardot for email communication with opted-in clients and prospects. For more information on the data collected by Pardot and Salesforce, please view their privacy policy.

 

Phenom

BullHorn

TextUs

Daxtra

BullHorn Automation

Kyloe

Staffing, Application, Recruiting, and Hiring.

 

  • Our professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, insurers who provide us with professional services based in UK and US.
  • For job applicants, we may also share personal information with independent third parties related to your eligibility for employment, or our ongoing management of our business.

We do not sell personal data we collect to third parties.

 

9. Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave our website, we strongly recommend you read the privacy policy of every website you visit.

10. Requesting Access to Your Personal Data

Under certain data protection laws, some individuals have the right to request access to information about them that we hold. To make a request for your personal data please contact GDPR@northhighland.com or privacy@northhighland.com.

11. International Transfers

We share your personal data in certain ways that may involve transferring your personal data to countries outside of the European Economic Area (“EEA”) whose laws do not afford the same level of protection to personal data as within the EU.  We do this in the following ways:

  • To other entities within the North Highland Group.
  • To the third-party suppliers as referenced above.
  • Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by putting in place the following safeguards:
12. Data Security

While we store and use your personal data we will ensure the appropriate security of your personal data including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach as is required by the law.

13. Retention of Your Data

We will not keep your personal data longer than is necessary for the purpose for which we use it. In order to continue to provide you requested information and consider applicants for additional employment opportunities, we will retain your personal data until you request that we delete it.

In some circumstances we may anonymize your personal data (so that it can no longer identify you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

14. Your Other Privacy Rights

Persons living or working in some jurisdictions have certain additional privacy rights.

Data subjects in the European Union, Switzerland and the United Kingdom have a right to:

  • Be informed of how we are processing your personal data – this privacy policy serves to explain this to you, but please contact us if you have any questions;
  • Have your personal data corrected if it is inaccurate or incomplete;
  • Have your data erased (the right to be forgotten) in certain circumstances – e.g. where it is no longer needed by us the purpose for which it was collected or you have withdrawn your consent. Please note however, that in certain circumstances, we may not be able to comply with your request of erasure for legal reasons. If this is the case, we will notify you at the time you request deletion;
  • Restrict the use of your data in certain circumstances, e.g. where you have told us the data is inaccurate and we are in the process of checking this. In such circumstances we will continue to store your data but will not process it further until we have checked and confirmed whether the data is inaccurate;
  • Object to the processing of your data in certain circumstances, e.g. you may object to processing of your data for direct marketing purposes;
  • Object to decisions being taken by automated means;
  • Request the transfer of your personal data to a third party. Please note this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you; and
  • To withdraw your consent at any time to processing where we are relying on consent as the lawful basis, e.g. to receiving marketing communications. Please note if you withdraw your consent, we may not be able to provide certain services to you.  We will let you know if this is the case at the time you withdraw your consent.

If you have any concerns about the way we are collecting or using your personal data, please contact us. You also have the right to lodge a complaint with the UK’s supervisory authority for data protection matters at https://ico.org.uk/concerns/

California Consumer Rights. California affords certain privacy rights to its residents (“Consumers”) regarding their personal information:

  • California residents using our website may request and obtain a list of personal information we disclosed to third parties for the preceding calendar year as well as the names and addresses of those third parties. To make such a request, please contact us at privacy@northhighland.com.
  • California residents may also:
     
    • Request to Know. You have the right to request access to personal information that we collected for the previous 12 months. Please note that if your access request requires the disclosure of personal information of another individual, we won’t be able to comply with all of your access request. Similarly, if responding to your access request would cause us to violate any law, rule, regulation, or law enforcement request, we would not be able to fulfill your request.
    • Request to Delete. You have the right to request that we delete personal data that we collected from you. However, we are not required to comply with your request if it is necessary for us or our service provider to maintain your personal data in order to complete the transaction with you; detect security incidences; identify and repair errors; exercise free speech; comply with the California Electronic Communications Privacy Act; engage in certain public interest research; use internally in a manner reasonably aligned with your expectations; comply with a legal obligation or otherwise use your personal data internally in a way that compatible with the context in which you provided it.
    • Right to Opt-out. You have the right to opt-out of the sale of your personal data to Third Parties at any time. This means that once you exercise your right to opt-out of the sale of your personal information, we are required to honor your request. North Highland does not sell personal information collected through our website to Third Parties.
    • Exercise of California-Specific Rights. You have the right to be free of discrimination for exercising your consumer privacy rights. We will not deny you goods or services, charge different amounts or provide a different quality level of goods or services for exercising your rights unless the difference is reasonably related to the value of your data.
15. Changes to Your Personal Data

It is important that the personal data we hold about you is accurate and current. Please let us know if your personal data changes and we need to update our records.

 

16. Contact Details

If you have any questions about this privacy policy or about your legal rights, please contact the Security Architecture Director using the details set out below.

North Highland (UK) Limited

Shaun Boucher

Security Architecture Director

GDPR@northhighland.com

3333 Piedmont Road | Suite 1000 | Atlanta, GA 30305

404.439.1640

California Consumer Privacy Act:

Shaun Boucher

Security Architecture Director

Privacy@northhighland.com

3333 Piedmont Road | Suite 1000 | Atlanta, GA 30305

855.644.3578

17. How To Exercise Your Rights

To exercise your rights, you may submit a request for information by contacting us at 1-855-644-3578 or privacy@northhighland.com

18. Changes to this Privacy Policy

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.