Privacy Policy
The Lockwood Group (collectively, “we”, “us” or “our”) is providing this privacy notice (this “Privacy Notice”) to help you make informed decisions when using our services and when visiting our website (www.thelockwoodgrp.com) (our “Website”). This Privacy Notice describes how and why we process any personal data that we collect from or about you, and describes your rights in respect of our processing of your personal data.
I. Who we are
We are a medical communications firm. With respect to the personal data we collect directly from you, we will typically be the data controller. In some cases, we may process personal data on behalf of other parties, such as our clients. In those cases, we will typically be the data processor.
II. Types of personal data we process
We may collect, use, store, transfer and otherwise process various types of personal data about you, including:
- Identity data, including first name, last name or similar identifier, details about your education, professional accreditations, job title, company name and job description;
- Social security number or national identification number;
- Contact data, including home and business mailing addresses, email addresses, telephone numbers and fax numbers;
- Username and password when you register on our Website;
- Technical data, including internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device identifiers, geolocation information, and other technology on the devices you use to access our Website;
- Information about how you use our Website and our services;
- Your preferences in receiving marketing from us and from third parties, as well as your communication preferences; and
- Any other personal data that you may provide to us; and
- Any other personal data about you that is provided to us by our clients.
- We may collect personal data about you from our clients. When you provide your personal data to our clients, our clients may share that personal data with us.
We also may collect your personal data from third parties, such as eTouch Systems (“eTouch”), which is a third party vendor that collects personal data from individuals on our behalf on its website. After you provide your personal data to eTouch, eTouch then provides such personal data to us.
“Personal data” does not include anonymous data (ie, Information that does not relate to an identified or identifiable natural person, or personal data rendered anonymous in such a manner that the individual is no longer identifiable.)
We may process aggregated data such as statistical or demographic data for any purpose. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific Website feature. If we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data that will be used in accordance with this Privacy Notice. We may also collect details of your visits to the Website, including traffic data, location data, logs and other communication data and the resources that you access and use on the Website.
III. Our Purposes For Processing Personal Data
Below is a non-exhaustive list of our purposes for processing personal data.
A. Using Our Website and Providing Services to You
We collect and maintain personal data that you submit to us during your use of our Website or our services. In addition, we may contact you to request feedback about our services in the form of online or postal communications. We use your feedback to monitor the quality of our services.
Our lawful basis for processing your personal data for this purpose are (a) performance of any contract we are about to enter into or have entered into with you, and (b) it is necessary for our legitimate interests.
B. Insight and Analysis
We analyze your personal data that we collect from your interactions with our Website, our email communications to you, and in connection with our services. The data we collect and analyze may include IP addresses; session ID information, information regarding your personal or professional interests, demographics, your experience with our services, and your contact preferences.
By collecting and analyzing this data, we seek to measure the effectiveness of our content and how visitors use our Website and use our services. We also use this information for marketing purposes.
Our lawful basis for processing your personal data for this purpose is that it is necessary for our legitimate interests.
C. Protecting Our Rights and Responding to Legal Requests
We may process and disclose any personal data without your consent if we believe in good faith that such action is necessary (i) to protect and defend the rights, property or safety of us or our employees, affiliates, or the public; or (ii) to satisfy any applicable law, regulation, legal process, court order, subpoena, or other governmental or regulatory (including law enforcement) request.
Our lawful basis for processing your personal data for this purpose are (a) it is necessary for our legitimate interests, and (b) we need to comply with a legal or regulatory obligation.
D. For Purposes Directed By Our Clients
When you provide your personal data to our clients, our clients may share that personal data with us. We may process that personal data for the particular purposes that our clients have directed. For example, our clients may provide personal data about you to us in connection with a particular conference or other event that we host.
Our lawful basis for processing your personal data for this purpose are (a) it is necessary for our legitimate interests, and (b) either our client or we may have obtained your consent.
E. Job recruitment
We may process your personal data to assess your suitability for any position of employment for which you may apply with us. Such data may include education history, employment history and professional designations, information regarding your work authorization status, and other information about your background and qualifications.
You may communicate with us or apply for a job with us via a third party service (eg, LinkedIn or Indeed) or via recruiting firms or staffing firms. In these instances, such third parties will share your personal data with us.
Our lawful basis for processing your personal data for this purpose are (a) performance of any contract we are about to enter into or have entered into with you, (b) when we have obtained your consent, and (c) it is necessary for our legitimate interests.
F. Business transactions
We may process your personal data to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
Our lawful basis for processing your personal data for this purpose are (a) it is necessary for our legitimate interests, and (b) we need to comply with a legal or regulatory obligation.
G. Other purposes
In addition to the above, we may use personal data for other purposes for which either we or our client(s) will provide notice to you at the time of collection, or as otherwise permitted under applicable law.
Our lawful basis for processing your personal data for this purpose may include (a) it is necessary for our legitimate interests, (b) we need to perform the contract we are about to enter into or have entered into with you, (c) we need to comply with a legal or regulatory obligation, and (d) we may have obtained your consent.
IV. If You Fail to Provide Personal Data to Us
If you fail to provide personal data to us when requested, we may not be able to provide services to you. We may also not be able to perform any contract we have (or are trying to enter into) with you.
V. Our Sharing of Personal Data With Third Parties
Our clients may provide personal data about you to us in connection with a particular conference or other event that we host. We may share that personal data about you with other participants in that event.
Additionally, we use third party service providers (our “Service Providers”) to assist us in operating our business. Service Providers provide a wide range of services to us, including legal and compliance, accountancy, investment banking, marketing, data analytics, telecommunications (including telephone and video conferencing), website administration, information technology, courier, human resources, security services and catering services.
From time to time, we may share your personal data with our Service Providers, and those Service Providers may process your personal data on our behalf and at our direction in connection with the services they provide to us. The types of personal data we may share with our Service Providers include:
- Your name;
- Your contact data (including home and business mailing addresses, email address, telephone numbers and fax numbers);
- Your national identification number or Social Security number;
- Technical data, including internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device identifiers, geolocation information, and other technology on the devices you use to access our Website;
- Information about how you use our Website and our services;
- Your preferences in receiving marketing from us and from third parties, as well as your communication preferences;
- Your dietary requirements or restrictions; and
- Your frequent flyer numbers, hotel rewards program numbers, and your travel preferences.
- We may also share anonymous / aggregated information with third parties, including our Service Providers, to facilitate our business operations.
We only permit our Service Providers to process your personal data for specified purposes and in accordance with our instructions. Our Service Providers are also required to treat personal data confidentially and to keep it secure.
Our Website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or process personal data about you. We do not control third-party websites, plug-ins or applications, and we are not responsible for their privacy and security policies and practices. When you leave our Website, we encourage you to read the privacy notice of each other website you visit.
We may also share personal data with third parties (including governmental or regulatory authorities) if we are legally required or authorized to do so. For example, we may share personal data in connection with a subpoena, search warrant or other court order, or pursuant to the requirements of any regulatory body having jurisdiction over us.
VI. Cookies and Similar Technologies
Our Website and our emails contain cookies, pixels, beacons, log files and other technologies (collectively, “Tags”) that allow us to collect certain information by automated means. The information we collect in this manner includes your IP address, network location, browser characteristics, device characteristics, operating system, referring URLs, information on actions taken on our Website, and dates and times of visits to our Website. This information allows us to, among other things, track receipt of an email to you, to count users that have visited a web page or opened an email and collect other types of aggregate information.
Once you click on an email that contains a Tag, your contact information may subsequently be cross-referenced to the source email and the relevant Tag. In some of our email messages, we use a “click-through URL” linked to certain website administered by us or on our behalf.
“Cookies” (such as HTTP, HTML5 and Flash cookies) are text files that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings on the device. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognizes that cookie. Cookies allow a website to recognize a visitor’s device and to target the content displayed to the visitor’s interests. We use cookies to understand your preferences based on previous or current activity on our Website, which enables us to provide you with improved services, and allows us to compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.
These technologies are used in analyzing trends, administering our Website, tracking users’ movements around our Website, and gathering demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as an aggregated basis.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. If you disable cookies, some features of our Website may become disabled, and some aspects of our Website may not function properly. Deleting cookies does not necessarily delete Flash objects. You can learn more about Flash objects – including how to control and disable them – through the Adobe interface. If you choose to delete Flash objects from our Website, then you may not be able to access and use all or part of our Website or benefit from the information and services offered.
We also may use pixel tags to tell us what parts of our Website that you have visited, to measure the effectiveness of any searches you may do on our Website, or to interact with analytical tools or other marketing tools that gather data and customer usage information.
VII. “Do Not Track” Signals
Our Website does not respond to “do not track” signals or similar mechanisms – where a visitor to our Website would request that we disable the collection of information about the visitor’s online activities. We may also permit third parties to collect aggregate usage information on our Website, and they also may not respond to “do not track” signals.
VIII. Retention of Personal Data
We may retain your personal data for as long as it is necessary to fulfill the purposes for which we have collected such data, including for the purposes of satisfying any legal, regulatory, accounting, reporting, insurance, professional indemnity, internal policy or other requirements. We may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes. In such cases, we may use this information indefinitely without further notice to you.
IX. Personal Data of Children
We do not knowingly collect personal data from individuals under the age of 18. By using the Websites or by otherwise communicating with us, you represent and warrant to us that you are at least 18 years of age. Individuals under the age of 18 may not share any of their personal data with us.
X. How You Can Help Keep Your Personal Information Safe
We have implemented appropriate technical and organizational measures to ensure a level of security of personal data appropriate to the risk.
There are many steps you can take to help keep your information safe. First, choose a complex, independent password for use on our Websites. You should not include anything related to your birthday, address, phone number, PIN number or any other easily guessable information in your password.
Second, exercise caution when using public computers or WiFi networks, such as at a coffee shop or library. To best protect your personal information and login information, do not use public computers or public WiFi to access your accounts. If you must do so, you should ensure that you log out of your account entirely.
In recent years, individuals, businesses and even governments have seen a rise in “phishing” attacks. Phishing occurs when someone attempts to obtain your password or other sensitive information. Scammers often do this by impersonating a trusted user or offering a compelling reason to open a malicious email attachment, click on a link or give over information. We will not ask for your sensitive information (such as a password), over email or other unsecure methods or through any site not under the thelockwoodgrp.com domain.
The safety and security of your information also depends on you. We urge you to be careful about giving out information in public areas of the Website. The information you share in public areas may be viewed by any other user of the Website.
The transmission of information via the internet is not completely secure. Although we take reasonable measures to protect your personal information, we cannot guarantee the security of your personal information transmitted to us. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
XI. Information for California Residents Only
If you are a California resident, California law may provide you with additional rights regarding our use of your personal data. To learn more about your California privacy rights, please see our Privacy Notice Supplement for California Residents Only.
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits California residents to request certain information regarding our disclosure of certain personal data to third parties for their direct marketing purposes. To make such a request, please send an email to the email address at the end of this Privacy Notice, or write us at the mailing address at the end of this Privacy Notice.
XII. Information for Nevada Residents Only
We currently do not sell data triggering the opt-out requirements of Nevada Revised Statutes Chapter 603A. This means that we do not exchange personal data of Nevada residents for monetary consideration to a recipient, for that recipient to license or sell such covered personal data to third parties.
XIII. Specific Rights of Individuals in the European Economic Area (“EEA”) only
This section applies only to individuals in the European Economic Area.
Under the General Data Protection Regulation (the “GDPR”), individuals in the European Economic Area (“EEA Individuals”) have certain rights in relation to their personal data, which are summarized below. These rights are subject to your exercising them in good faith and are subject to our legitimate interests or other valid basis to continue processing your personal data, in accordance with our policies and applicable law.
EEA Individuals who wish to exercise any of the rights they have under the GDPR should contact us in writing by mail or email. Our mailing and email addresses are shown at the end of this Privacy Notice. We may need to request specific information to help us confirm your identity, so that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
Generally, EEA Individuals will not have to pay a fee to exercise the rights described below. However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
EEA Individuals may lodge a complaint with the appropriate regulatory body or supervisory authority in the country where they reside, where they work, or in the place of the alleged infringement of the law.
A. Access
If asked by an EEA Individual and if we are obligated to do so under applicable law, we will inform that individual about whether we are processing his/her personal data. If we are processing such EEA Individual’s personal data, we will provide access to the personal data that we have about that individual. If you request additional copies of your personal data, we may charge you a reasonable fee.
B. Rectification (ie, correction)
If the personal data we hold about an EEA Individual is inaccurate or incomplete, that individual may ask us to have it corrected.
C. Erasure
EEA Individuals may request that we erase (ie, delete or remove) their personal data in certain circumstances. If you are legally entitled to erasure, and if we have shared such personal data with third parties, we will take reasonable steps (taking into account available technology and the cost of implementation) to inform such third parties of your request, to the extent we are required to do so by applicable law.
D. Restriction of processing
EEA Individuals have the right to restrict the processing of their personal data in certain circumstances, such as if they contest the accuracy of that personal data, if the processing of the personal data is unlawful, or if we no longer need the personal data for our business purposes. If you are legally entitled to restriction, and if we have shared your personal data with others, we will use reasonable efforts to inform such third parties of your request, if we are required to do so.
E. Data portability
EEA Individuals may ask to receive their personal data from us, where the legal basis of our processing is their consent, and where we carry out the processing of their personal data by automated means. If EEA Individuals so request, we may transmit their personal data directly to another organization if we determine in our reasonable discretion that it would be technically feasible to do so.
F. Objection to processing
EEA Individuals may object to the processing of their personal data where we are relying on a legitimate interest (or those of a third party). As noted above, you also have the right to object (ie, opt out of) our processing of your personal data for direct marketing purposes.
G. Automated Decision-Making and Profiling
EEA Individuals have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
We do not engage in decision-making based solely on automated processing, including profiling, which produces legal effects concerning an individual or similarly significantly affects an individual.
H. Processing of Special Categories of Personal Data and of Personal Data Relating to Criminal Convictions and Offenses
There are certain types of personal data that require a higher level of protection, known as “special categories” of personal data under the GDPR. We do not process special categories of personal data unless (a) we have obtained such individuals’ explicit consent or (b) we are otherwise legally permitted to do so. For example, we may collect special categories of personal data of EEA Individuals in the context of dietary requirements or restrictions for events and meetings that such individuals voluntarily provide to us.
We do not collect personal data about criminal convictions and offenses, unless revealed by due diligence conducted to comply with a legal or regulatory obligation or unless we are authorized to do so under applicable law.
I. Withdrawing consent
In certain circumstances, EEA Individuals have the right to withdraw their consent to our processing of their personal data. However, withdrawal of consent will not affect the lawfulness of any processing that had been carried out before consent is withdrawn. Moreover, if we rely on another legal basis (eg, performance of a contract or legitimate interest) to process your personal data, we may continue to process your personal data in accordance with such other legal basis even after you withdraw your consent. If you decide to withdraw your consent, we may not be able to provide services to you.
XIV. Information Regarding International Data Transfers
We are based in the United States and our computer servers are located in the United States. Accordingly, all personal data in our possession and control is collected and processed by us in the United States. Any party that provides personal data to us is thereby transferring such data to the United States, and is consenting to the transfer of their personal data to the United States. Individuals who access the Website from outside the United States do so on their own initiative and are responsible for compliance with local laws, rules and regulations. Please note that the United States may have data privacy and data protection laws that are less stringent than those of your home country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in other countries may be entitled to access your personal data.
XV. Change of control
Personal data may be shared or transferred in connection with a sale, merger, acquisition, divestiture, reorganization, dissolution, or other disposition (whether of assets, stock or otherwise), or in the event of our bankruptcy, liquidation or similar proceeding.
XVI. Revisions to This Privacy Notice
This version of the Privacy Notice is effective as of the date set forth above, and supersedes all earlier versions. We may update this Privacy Notice from time to time, and any subsequent versions of this Privacy Notice will be posted on our Website. You are responsible for periodically visiting our Website to check for any updates to this Privacy Notice.
XVII. Questions or concerns
If you have any questions or concerns about our use of your personal data, you may contact us using our contact information below.
XVIII. Our Contact Information
The Lockwood Group
1055 Washington Boulevard
Stamford, Connecticut 06901
USA
Telephone: +1 (203) 252-5623
Email: compliance@thelockwoodgrp.com
Contact person: Greg Baden