This policy is intended to be consistent with (and supplement) our obligations under applicable laws, including US federal and state law and the EU General Data Protection Regulation (the “GDPR”).
We last revised this policy on September 1, 2018.
Information We Collect
HPS collects two types of information:
- Aggregate, non-identifiable information. The HPS website automatically creates records of each visit. The collected information includes website access time, duration of website visit, internet browser identity, operating system, and other information. This data is anonymous and does not contain any personally identifiable information such as your name or contact information.
- Personally identifiable information (“personal information” or “personal data”). HPS may collect various types of personal information directly from you or third parties such as clients, prospective clients, former clients, accountants, financial advisors, banking institutions, and other advisors. HPS collects personal information when you, your organization, or a third party that holds your personal information retains HPS to provide analysis, advice, or other services; when you, your company, or a third party that holds your personal information makes inquiries regarding our services; when you use the HPS website or provide personal information during HPS meetings, events, and webinars; when you or a person who holds your personal information provide information to us for the purpose of recruitment; when you provide us with your personal information during a visit to our office; and when you or your organization provides or offers services to us.
Examples of personal information that we may collect are contact information, such as name, physical and email address, and other contact details; financial data, such as bank account or credit card information (to the extent you affirmatively provide any such information to us), accounts receivable or payable balance information; services information, including business information necessary for us to perform services requested by our clients; digital information that you transmit while using our wi-fi network while at our office; user data and usage information collected by the HPS website, such as your IP address, or provided by you when using our electronic services; marketing data, including information provided by you about your preferences for marketing material and updates on public policy developments; professional information, including job title, previous positions, employment history, academic record, awards, and membership in professional organizations; and other screening and due diligence information we collect when evaluating whether we can provide you or your organization services. HPS sometimes collects nonpublic personal information that you, your organization, or a third party with your personal information provides to us for the purpose of providing services. Nonpublic information can include the fact that an individual is or has been a client.
Depending on circumstances, we may require you to provide personal data in order to enter into or perform a contract. Failure to provide the personal data may render the contract impossible to perform.
We do not knowingly collect personally identifiable information from children under the age of 16. The HPS website, information, and services are intended for persons of at least 16 years of age.
How We Use The Information We Collect
We use your personal data for a number of purposes and activities, such as to provide professional services for our clients; to evaluate prospective clients; to manage our business relationships with our clients and service providers; to analyze and improve the HPS website and our marketing services and communications; to evaluate and interview job applicants, service providers, or other third parties; to comply with legal obligations (such as “know your client” compliance); and to protect and manage our business, including analyzing and improving data security, assessing compliance with our policies, and defending our legal rights. We will not use your personal data to take any automated decision affecting you, or create profiles other than those described above.
We use your personal data only when necessary to enter or perform a contract with you; when necessary to comply with our legal or regulatory obligations; where necessary to pursue our or a third party’s legitimate interests, provided that your fundamental rights and freedoms do not outweigh that interest; or where you have provided your consent. Our legitimate interests in processing your data are to provide, promote and market our services, and to manage our business.
We may also use your personal information to provide you information about our perspective on public policy developments and news relating to the public affairs and communications industry, to conduct marketing activities, and to send you invitations to meetings and conferences related to the business interests of our clients. These activities may involve emails, other online content, and invitations to physical meetings. You may opt out of receiving such communications at any time.
Sharing Your Information
HPS does not sell or otherwise share personal information with third-party marketers offering their products and services. Accordingly, you do not need to take any action to prevent disclosure.
We do not disclose any nonpublic personal information about clients, prospective clients, or former clients except as required or permitted by law; as required to provide services to our clients; or in limited situations in which we must defend our legal rights. Under the GDPR and other applicable law, we are generally permitted to disclose nonpublic personal information under certain circumstances such as: (a) when you consent; (b) when disclosure is necessary to carry out a transaction or perform a service that you have requested; (c) pursuant to our or a third party’s legitimate interests, provided that your fundamental rights and freedoms do not outweigh that interest; or (d) to comply with a properly authorized subpoena or similar legal process.
Protecting the Confidentiality of Nonpublic Personal Information
We value your trust and handle information about you with care. It is our policy to restrict access to personal information about you. Only certain HPS employees, service providers, and other persons with whom we work will have access to your personal information and only on a need-to-know basis. To protect your personal information, HPS maintains physical, electronic, and procedural safeguards consistent with best industry practices to avoid unauthorized disclosure.
Rights Regarding Your Information
You may request access to, correction, or deletion of your personal information held by HPS. We will consider any such request seriously, although we may choose not to delete information where it is necessary for compliance with our professional obligations or provision of services to others, or we otherwise have a substantial need to retain the data. You may also have rights (including under the GDPR, where applicable, and subject to conditions) to restrict or to object to processing of your data and to portability of your data to other service providers. Where, as a requirement for a contract with HPS, you have consented to provision of your personal data, you may withdraw consent at any time. You may exercise any of these rights by contacting us as described below.
How We Retain Your Information
We keep personal information obtained during the course of client representations for a period of time that is consistent with our professional responsibilities and contractual obligations and that is reasonably necessary for the purpose for which the data was collected and to protect and defend HPS against legal claims.
For other types of personal information, we will retain the data until no longer reasonably necessary for the purposes for which it was collected or until consent to hold the data is revoked, provided that there is no other basis for us to hold the information and the deletion of the personal information is legal and consistent with our professional responsibilities or best industry practices. Upon expiration of the retention period, we will delete, anonymize, or otherwise destroy the personal data.
In our activities outside the United States or involving persons located outside the United States, we comply with the privacy laws applicable to those activities, which may impose obligations in addition to those of US law.
For activities in the European Union or involving EU residents, we comply with the GDPR, including by obtaining consent for processing of personal information.
HPS’s offices are located in the US, where your personal data is processed. HPS will ensure that appropriate safeguards are applied to ensure security and confidentiality of your personal data, such as compliance with this privacy notice and standard data protection clauses with processors.
If you have any questions about our privacy practices or if you feel that we have not handled information about you properly, please contact us at 202-822-1205, or firstname.lastname@example.org, so that we may address your inquiry or complaint. You may also have a right to lodge a complaint with a supervisory authority.