California Residents – For Contacts and Potential Clients or Suppliers

ghSMART California Consumer Privacy Act (“CCPA”)

January 1, 2023

This ghSMART CCPA Privacy Policy (“privacy notice”, “privacy statement”, or “notice”) describes how G. H. Smart & Company, LLC and its subsidiaries (collectively “ghSMART”) collect and use personal information about California residents during and after their relationship with us. Our mailing addresses are included at the end of this notice.

Scope

In this notice, we provide additional information to California residents about how we handle their personal information, as required by the CCPA. This section does not address or apply to our handling of publicly available information or other personal information that is exempt under the CCPA.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

For the purposes of the CCPA, ghSMART is a “business”. This means that we are responsible for deciding how we hold and use personal information about you. As a business we are required under CCPA to notify you of the information contained in this privacy notice.

Your data

Categories of Personal Information Collected and Disclosed.  While our processing of personal information varies based upon our relationship and interactions with you, the section below identifies, generally, the categories of personal information (as defined by the CCPA) that we have collected about California residents, as well as the categories of third parties to whom we may disclose this information for a business or commercial purpose.

  • Identifiers: Includes direct identifiers, such as name, email address, phone number, address, other contact information
    • Categories of Third Party Disclosures: service providers, regulators, government entities and law enforcement, internet service providers required for cloud data storage, email, antivirus protection and standard technology operations, operating systems and platforms, and others as required by law
  • Customer Records: Includes personal information, such as name, contact information, education and employment information, SSN and government identifiers that individuals provide us in order to purchase or obtain our products and services.  For example, this may include information collected when an individual requests a proposal or our products and services, or enters into an agreement with us related to our products and services
    • Categories of Third Party Disclosures: service providers, regulators, government entities and law enforcement, internet service providers required for cloud data storage, email, antivirus protection and standard technology operations, operating systems and platforms, and others as required by law
  • Audio, visual and other electronic data: Includes interview recordings, transcriptions and other audio recordings (e.g., recorded interview sessions)
    • Categories of Third Party Disclosures: service providers, regulators, government entities and law enforcement, internet service providers required for cloud data storage, email, antivirus protection and standard technology operations, operating systems and platforms, and others as required by law
  • Professional Information: Includes professional and employment-related information such as current and former employer(s) and position(s), business contact information and professional memberships
    • Categories of Third Party Disclosures: service providers, regulators, government entities and law enforcement, internet service providers required for cloud data storage, email, antivirus protection and standard technology operations, operating systems and platforms, and others as required by law
  • Sensitive Personal Information: In limited circumstances, we may collect social security, driver’s license, state identification card, or passport number
    • Categories of Third Party Disclosures: service providers, regulators, government entities and law enforcement, internet service providers required for cloud data storage, email, antivirus protection and standard technology operations, operating systems and platforms, and others as required by law

Sales and Sharing of Personal Information. California privacy laws define a “sale” as disclosing or making available personal information to a third party in exchange for monetary or other valuable consideration, and “sharing” broadly includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. We do not sell or share personal information or sensitive personal information as defined by CCPA, nor do we sell or share any personal information about individuals who we know are under sixteen (16) years old.

Sources of Personal Information. In general, we may collect personal information from the following categories of sources:

  • Directly from the individual
  • Government entities

Purposes of Collection, Use and Disclosure.

In this section we outline the purposes for which we may process your personal information.

I. For the Purpose of Marketing, Business Development or Distributing Publications

More specifically, we use your personal information described above for the following purposes, which are listed under our applicable legal basis for processing your data for that purpose:

To engage with potential clients where we may provide services and products

  • Maintaining contact information for current and prospective clients;
  • Meeting arrangement/travel/scheduling;
  • Providing information about our products, services, research and events to prospective clients;
  • Creating a proposal or a proposed agreement to provide services.

To comply with record keeping obligations

  • To comply with record keeping obligations for external financial statement audits to substantiate our business transactions;
  • To comply with record keeping obligations for tax records to support our tax returns.

To comply with applicable laws

  • To comply with legal obligations and act in accordance with legal authorizations, including to comply with our legal and regulatory requirements.

II. For the Purpose of Supplier Evaluation and Supplier Management

More specifically, we use your personal information described above for the following purposes, which are listed under our applicable legal basis for processing your data for that purpose:

To engage with potential suppliers that may provide services and products

  • Maintaining contact information for current and prospective suppliers;
  • Meeting arrangement/travel/scheduling;
  • Providing information about our products, services and events to current and prospective suppliers;
  • Creating a proposal or a proposed agreement for supplier services.

Uses of Sensitive Personal Information

Notwithstanding the above, we only use and disclose sensitive personal information as reasonably necessary (i) to perform our services requested by you, (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents, (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct, (iv) to verify or maintain the quality and safety of our services, (v) for compliance with our legal obligations, (vi) to our service providers who perform services on our behalf, and (vii) for purposes other than inferring characteristics about you.  We do not use or disclose your sensitive personal information other than as authorized by CCPA.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

The period for which data is stored 

The information we collect during the ghSMART service process will form part of our records and as such will be retained as required by legal, accounting, and reporting standards, as reflected in the ghSMART corporate records retention policy applicable to our business. ghSMART may also be required to retain this information based on statutes of limitations for specific countries, as well as government record retention requirements for tax purposes. ghSMART reviews the data to determine that the policy for data storage is in line with our stated purposes for which we may process your data. In some circumstances, we may deidentify or aggregate your personal information so that it can no longer be associated with you, in which case we may continue to use such information without further notice to you.

Your rights

CCPA Rights. Under the CCPA, California residents have the following rights (subject to certain limitations):

  • Opt out of sales and sharing: The right to opt-out of our sale and sharing of their personal information. As noted above, we do not sell or share (as such terms are defined in CCPA) personal information.
  • Limit uses and disclosure of sensitive personal information: the right to limit our use or disclosure of sensitive personal information to those authorized by the CCPA.
  • Deletion: the right to the deletion of their personal information that we have collected, subject to certain exceptions.
  • To know/access. The right to know what personal information we have collected about them, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about them.
  • Correction. The right to correct inaccurate personal information that we maintain about them.
  • Non-discrimination. The right not to be subject to discriminatory treatment for exercising their rights under the CCPA.

How to Exercise Available Rights. If you think we may have incorrect personal information, or would like a copy of the personal information we hold on you, or to exercise any other data protection rights under applicable data protection laws, please contact dataprotection@ghsmart.com or call +1 877 294 3368.

We will take steps to verify your request by matching the information provided by you with the information we have in our records. This may include your first and last name, email address, physical address, telephone number, and information about your relationship with us or other information needed to verify your identity. You must provide us with this information via the above phone number or email address to verify your request.  We will process your request based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. We may need to request additional specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another security measure designed to ensure that personal information is not disclosed to any person who has no right to receive it. If we are unable to adequately verify a request, we will notify the requestor.  Authorized agents may initiate a request on behalf of another individual; authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

No fee usually required

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Changes to this privacy notice

Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.

Contact details 

If you have any questions about this privacy notice or how we handle your personal information, please contact: dataprotection@ghsmart.com or +1 877 294 3368.

Mail address:

G. H. Smart & Company, LLC
203 North LaSalle Street
Suite 2100
Chicago, IL 60601
The United States of America