The Dedham Group, LLC Website Privacy Policy

Effective on April 2020

Introduction and Scope

The Dedham Group, LLC (together, “Dedham”, “we”, “our,” or “us”) is committed to protecting the privacy of your Personal Information (as defined below). We respect individual privacy and value the trust of our clients, employees, business partners, and others who provide their Personal Information to us. This privacy policy explains what Personal Information we collect from you and how we use it and is intended to give you confidence in the privacy and security of your Personal Information.

Information Collection

“Personal Data” means any information or set of information that identifies or could be used to identify you, either directly or indirectly. Personal Data does not include information that is anonymized such that an individual cannot be identified.

Personal Data collected by Dedham may include name, address, contact numbers, and email address, but may also include other information you may choose to provide us with (for example, to provide a requested service, where an employment opportunity is being processed). You may voluntarily provide us with Personal Data in a number of ways: (1) to receive additional information about Dedham (i.e., newsletters, press releases, marketing materials), (2) if you are interested in pursuing an employment opportunity with Dedham, (3) we collect your information from publicly available platforms such as LinkedIn, (4) you provide it directly to us at an event or conference, (5) our clients (including their employees, contractors, and other representatives of the company) provide it to us.

Controllership

Within the scope of this Policy, The Dedham Group acts as a data controller for the Personal Data we process.

Basis of Processing

We may process your Personal Data on the basis of:

the need to perform a contract with you or to take steps at your request prior to entering into a contract;
our legitimate interests, such as our interest in marketing and selling our Services;
the need to comply with the law; or
any other ground, as required or permitted by law.

Where we receive your Personal Data as part of providing our Services to you based on a contract, we require such Personal Data to be able to carry out the contract. Without that necessary Personal Data, we will not be able to provide the Services to you.

Categories of Personal Data

We may process the following types of Personal Data:

biographical information, such as first and last name;
eployment information, such as the name, address, contact information of your employer; and
contact information, such as email address and postal address.

Purposes of Processing

We may process your Personal Data for the purposes of:

marketing and selling our Services to you;
enabling the use of our Services;
responding to your requests or questions; and
sending you email marketing communications about our business which we think may interest you.

Data Retention

When the purposes of processing are satisfied and no lawful basis of processing remains, we will delete your Personal Data.

Other Disclosure of Your Personal Data

We may disclose your Personal Data to the extent required by law, or if we have a good-faith belief that we need to disclose it in order to comply with official investigations or legal proceedings (whether initiated by governmental/law enforcement officials or private parties). We may also disclose your Personal Data if we sell or transfer all or some of our company’s business interests, assets, or both, or in connection with a corporate restructuring. Finally, we may disclose your Personal Data to our subsidiaries or affiliates, but only if necessary for business purposes, as described in the section above.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data for any legal business purpose. Such data does not include any Personal Data. The purposes may include analyzing usage trends or seeking compatible advertisers, sponsors, and customers.

If we have to disclose your Personal Data to governmental/law enforcement officials, we may not be able to ensure that those officials will maintain the privacy and security of your Personal Data.

Data Integrity & Security

We have implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing. This includes unauthorized access, disclosure, alteration, or destruction.

Access & Review

If we process your Personal Data, you may have the right to request access to (or to update, correct, or delete) such Personal Data. You may also have the right to ask that we limit our processing of such Personal Data, as well as the right to object to our processing of such Personal Data. You may also have the right to data portability.

To submit these requests or raise any other questions, please contact us by using the information in the “Contact Us” section below.

Privacy of Children

We do not knowingly collect the Personal Data of children under the age of 18 in the context of our business or commercial purposes.

Changes to this Policy

We reserve the right to amend this Policy at our discretion and at any time. When we make material changes to this Policy, we will notify you through a notice on our website homepage. We will also update the “Effective” date. By continuing to use our Services after we post any of these changes, you accept the modified Policy.

Contact Us

If you have any questions about this Policy or our processing of your Personal Data, please write to our firm at privacy@dedhamgroup.com or by postal mail at:

The Dedham Group, LLC

One Penn Plaza, Suite 2505

New York, NY 10119

Please allow up to 45 days for us to reply.

PRIVACY POLICY FOR CALIFORNIA RESIDENTS

If you are not a California Resident, the below policy does not apply to you. Please refer to our main privacy policy above.

Last updated: April 2020

This Privacy Policy (“policy”) describes how The Dedham Group LLC (“we”) collect, use and disclose the personal information (as defined below) of California residents who are sales prospects and/or users of our services (including visitors to our websites) (“consumer” or “you”). This policy applies to personal information collected by our website, applications, services and products (collectively “services”), and in the course of routine offline business contact with you.

We adopted this policy to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms defined in the CCPA have the same meaning when used in this policy.

1. Information we collect

This policy relates to the collection of information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device (“personal information”).

The table below indicates the categories of personal information about consumers that we may have collected within the last twelve (12) months. Note that the examples given below do not represent a comprehensive list. Note also that not all categories and examples shown below may apply to you.

Category	Examples
Identifiers	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers.
Commercial information	Records of services purchased or obtained from us, or considered, or other purchasing or consuming histories or tendencies relating to our services.
Internet or other similar network activity	Browsing history, search history, information on a consumer’s interaction with our services and advertisements.
Geolocation data	A device’s physical location – to the extent that an IP address may provide information regarding the location of a device you use to access our services.
Professional or employment-related information	Current or past job history.

2. Where we collect information

Directly from you when you use our services or interact with us or indirectly through cookies and similar technologies included in our services (please click here for our cookies policy).
From the organization(s) to which you belong or person(s) who have arranged your access to our services, e.g. your employer or the institution you are affiliated with may provide us with contact information so that we can set up your login.
Our partners and service providers, e.g. technology providers in connection with your use of our services.
Public or paid-for sources, e.g. we may acquire marketing lists from third parties to identify prospects for our services

3. Using your personal information

We may use or disclose your personal information for one or more of the business purposes listed below or to carry out other reasonable business purposes consistent with this list:

Customer and product administration: to provide you with our services and information that you requested or that you access through our services, create product accounts, provide user and technical support, enforce our terms of business, report product usage information to our customers and business partners, report to our content and technology providers, contact you about renewal of your subscriptions, and other related administrative tasks.
Legal rights: to exercise our rights and to the extent reasonably required, to assist third parties (such as your employee or our business partners) in exercising their rights, and to defend ourselves from claims and to comply with laws and regulations that apply to our group or third parties with whom we work.
Product personalization: to deliver personalized functionality in our services, for instance we may retain your browsing and usage information to make your searches within our services more relevant. We also analyze product usage information to understand which content and tools are most useful for you and to allow us to deliver and suggest tailored content, features and other Dedham services that we believe may interest you.
Product analysis and development: we may use information collected on our services, usually in aggregated form, to analyze the functionalities we offer and to improve the design and content of our services (including sharing your personal data across our group which allows us to make all our services more user-friendly). We may also provide information about your use of the services to a third party who has made the services available to you (for instance, your employer) or to a business partner whose content or technology you accessed through the services.
Marketing: to send you marketing messages for Dedham services that may interest you. You can opt out from marketing messages at any time either by clicking the unsubscribe link on the message or emailing us at privacy@dedhamgroup.com. We do not disclose your contact information to third parties for their marketing purposes.
Security: to protect the security of our IT systems, architecture and networks as well as to prevent misuses of our services.
Legal obligation: to carry out our contractual obligations to you or to comply with legal or regulatory obligations such as to respond to a court order or a regulator.
Business restructuring or similar transactions: to participate in, or be the subject of, any sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock.

We may also use your personal information as described to you in a notice when collecting your information.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

4. Sharing your personal information

In the preceding twelve (12) months, we have not sold any personal information as covered by this policy.

To make our services work as intended, we may need to share your personal information with other third parties and service providers.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Identifiers
California Customer Records personal information categories
Commercial information
Internet or other similar network activity
Geolocation data
Professional or employment-related information.

We may disclose your personal information for a business purpose to the following categories of third parties:

Service providers such as cloud computing providers and web analytics services like Google Analytics and credit card payment processors.
Business partners with whom we deliver co-branded services or host events; or whose content or technology we make available through our services.
Professional advisors such as legal counsel and information security professionals where reasonably required to protect our rights, users, systems and our services.

Prospective and actual buyers, sellers, advisers or partners in relation to any sale merger, acquisition, or similar corporate event involving Dedham.

5. Your rights and choices about your personal information

The CCPA provides consumers with specific rights regarding their personal information. This section describes these rights and explains how you can exercise them.

A. Right to know

You have the right to know what personal information we have collected about you over the past 12 months. You can request that we disclose certain information to you about our collection, use, disclosure and sale of your personal information. Once we receive and confirm your verifiable consumer request, we will disclose to you:

If we collected personal information about you and the categories of personal information collected;
The categories of sources where we collected personal information about you;
Our business or commercial purpose for collecting, sharing, disclosing that personal information;
The categories of third parties with whom we share or disclosed that personal information;
The specific pieces of personal information we collected about you (also called a data portability request);
If we disclosed personal information about you for a business or commercial purpose and the categories of your personal information disclosed;
The categories of personal information about you disclosed to third parties and the categories of third parties that received your personal information.

B. Deletion requests

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

There are a number of exceptions that may apply. For example, we may deny your deletion request (in whole or in part) if retaining the information is necessary for us or our service providers to:

Complete the transaction for which we collected the personal information, provide a product or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
Debug products to identify and repair errors that impair existing intended functionality;
Exercise their right to free speech, ensure the right of you or another consumer to exercise free speech rights, or exercise another right provided for by law;
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.);
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
Comply with a legal obligation; and
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

C. Exercising Your CCPA Rights

To exercise your CCPA rights (the access, data portability, and deletion rights described above), please submit a verifiable consumer request to us by contacting privacy@dedhamgroup.com. You may only make a verifiable consumer request for access or data portability twice within a 12-month period.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

You will need to provide certain personal information so that we can properly verify your consumer request. We will only use the personal information provided in a verifiable consumer request to confirm the requestor’s identity or their authority to make the request.

If we cannot verify the requestor’s identity or their authority to make the request or if we cannot confirm that the personal information provided relates to the consumer which is the subject of the request, we may deny the request.

The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative (e.g. full name and account details and information regarding the services that you use or have access to); and
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Depending on the nature of your request, we may require additional information and we will advise you of this at the time.

D. Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of receipt. If we require more time , we will inform you of the reason and extension period in writing.

If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

E. Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

6. Changes to Our Privacy Notice

7. How to Contact Us

If you have any questions or comments about this policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under the CCPA, please do not hesitate to contact us at privacy@dedhamgroup.com or write to us at:

The Dedham Group, LLC

One Penn Plaza, Suite 2505

New York, NY 10119