GDPR/Privacy Policy

Updated:  May 2019

FleishmanHillard and our FleishmanHillard branded companies (“we”, “us” or “our”) respects your privacy. We are committed to safeguarding your privacy and protecting your information against unauthorized use. This privacy policy (the “Policy”) applies to FleishmanHillard and its affiliates for the European Economic Area (“EEA”).

For the purpose of this policy, to the extent any of the following entities process your personal information, each will be considered a “data controller” of your personal information:

Fleishman-Hillard Group Limited

Fleishman Hillard Germany GmbH

Fleishman-Hillard International Communications Limited

Fleishman-Hillard Sp.z.o.o.

Fleishman-Hillard s.r.o.

Fleishman-Hillard S.A.

Fleishman-Hillard, Inc.

 

PURPOSE OF THIS POLICY

This Policy explains our approach to any personal information that we might collect from you using this website (the “Site”) and in other situations or interactions with us, and the purposes for which we process your personal information. This Policy also sets out your rights in respect of our processing of your personal information.

This Policy will inform you of the nature of the personal information about you that is processed by us and how you can request that we delete, update, transfer and/or provide you with access to it or otherwise cease processing it for a specific purpose. This Policy is intended to assist you in making informed decisions when using the Site.

This Policy complies with the standards set by Regulation (EU) 2016/79 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

This privacy notice is not intended to apply to the processing of personal information of FleishmanHillard employees which is dealt with under our separate workplace privacy policy.

 

TYPE OF INFORMATION WE COLLECT

Personal information is information that identifies you as an individual. Categories of personal information we collect includes:

  • contact information (g. name, physical address, telephone number, email address),
  • information about your interests or affiliations,
  • information for hiring and human resources (g. employment and education history, work eligibility status, date of birth, financial account information, government-issued identification information), and
  • any additional information you submit to us.

Additional information about the personal information we collect is described in the section HOW WE USE PERSONAL INFORMATION and the COOKIE POLICY below.

 

WAYS OF OBTAINING PERSONAL INFORMATION

 We may collect and receive your personal information using different methods:

  • Personal information you provide to us. You may give us your personal information directly. This will be the case when, for example, you contact us with enquiries, complete forms on our Site or in hard copy or participate in a survey, subscribe to receive our marketing communications or provide feedback to us otherwise through your interactions with us.
  • Personal information we collect from you automatically. When you access and use our Site, we will automatically collect certain technical information about your equipment, browsing actions and patterns. We collect this personal information by using cookies and other similar technologies (see COOKIE POLICY below).
  • Personal information received from third parties. From time to time, we will receive personal information about you from third parties. Such third parties may include analytics providers, payment providers, hotel and transport providers and third parties that provide technical services to us so that we can operate our Site and provide our services.
  • Publicly available personal information. From time to time we may collect personal information about you from publicly available sources or media reports or personal information about you that you or a third party may make publicly available to us (for example through speaking at events or publishing articles or other news stories).

 

HOW WE USE PERSONAL INFORMATION

Our primary goal in collecting personal information from you is to:

  • verify your identity,
  • provide our services to clients,
  • help us improve our products and services and develop and market new products and services,
  • carry out requests made by you to us,
  • investigate or settle inquiries or disputes,
  • comply with any applicable law, court order, other judicial process, or the requirements of a regulator,
  • enforce our agreements with you,
  • protect the rights, property or safety of us or third parties, including our other clients and users of the Site,
  • provide support for the provision of our Services, and
  • use as otherwise required or permitted by law.

 

USES OF PERSONAL INFORMATION COLLECTED THROUGH THIS SITE

The following describes how we use personal information that we collect through this Site:

  • Client information.

Information we collect with respect to our clients and potential clients is used to enable us to respond to client requests, to administer client accounts with us, to conduct credit checks, and to verify and carry out financial transactions for payments made to us.

  • Media and informational inquiries.

We may collect information for interviews requests, for media questions, or requests for information about our company. We may also provide you with the opportunity to sign up for newsletters or to receive copies of blogs and other information that we make available.  Contact information may be requested in each case, together with details of other personal information that is relevant to these inquiries. This information is used in order to enable us to respond to your requests or media requests.

  • Career Opportunities.

Potential employees and service providers may provide us with information to find out about and apply for career opportunities, including by providing resumes and other related information. This information is used to enable us to review applications, respond to these requests, and to make hiring decisions.

  • Cookies.

We use cookies and similar other technologies to collect information from the computer hardware and software you use to access the Site, or from your mobile.  Please see our Cookie Policy for additional information.

The information you provide to us may be archived or stored periodically by us according to our standard backup processes and our document retention policy.

 

OTHER USES OF PERSONAL INFORMATION

We may also collect information in other contexts other than this Site as described below. That information may be used in the manner described above and in other ways, such as:

  • Surveys and voting.

We may collect personal information from you via surveys or voting polls. Participation is voluntary and you will have the opportunity to decide whether or not to disclose information. At times, you may have to register to vote or to take part in a survey. We would use that information to report the results of the survey or vote.

  • Promotions.

We may conduct promotions, contests or giveaways, which may require that you register to enter. We collect personal information from you in order to conduct the promotion, contest or giveaway and to deliver prizes or notices. Participation in these events and providing us with your information is voluntary.

  • Industry information.

We collect, and maintain data bases containing, information about journalists, talent, social media influencers, social media users and other professionals in the public relations, news or media industry collected by us or by our trusted third party media analytics service providers. Such information may include an individual’s name, business contact details, professional interests and affiliations. This information may be information that is voluntarily supplied to us by those individuals through our Site or in other situations (such as public speaking events), or information that is public or available in third party databases or via third party content platforms (including social media platforms). Further we may collect and/or review other publically available news stories and other journalistic content including content made available through public news sites and social media sites to understand what people are saying about us and our clients. We use this information to provide our services to our clients including ensuring we and our clients are fully up to speed on public opinion in any particular area and are fully briefed when it comes to dealing with the press.  We may also use this information for our own internal administrative and promotional purposes. We make efforts to minimize the use of this information to that which is strictly necessary for our legitimate business interests.

  • Interactive areas.

We may provide interactive areas, such as message boards, chat rooms or other forums.  Participation in these areas by users is voluntary.  We discourage you from submitting any information that may identify you personally when participating in these areas.  Use of these public areas is not secure and we cannot ensure that your information will be protected.

  • Marketing communications.

We may carry out marketing activities using your personal information.  We may send marketing information to you by mail or email.  We may also provide you with information about media and public relations events. It may be necessary to mention the purpose of other marketing communications at the point that we collect that information. We send this information and materials to you where you have consented to receive such information or materials, where we have another lawful basis to do so to the extent required by law.

  • Receipt of services.

If we have engaged you or the organisation you represent to provide us with products or services (for example, if you or the organisation you represent provide us with services such as IT support or financial advice), we will collect and process your personal information in order to manage our relationship with you or the organisation you represent, to receive products and services from you or the organisation you represent and, where relevant, to provide our Services to others.

  • Business administration and legal compliance.

We may use your personal information for the following business administration and legal compliance purposes:

  • to comply with our legal obligations;
  • to enforce our legal rights;
  • to protect the rights of third parties; and
  • in connection with a business transition such as a merger, reorganisation, acquisition by another company, or sale of all or a portion of our assets.

 

PARTIES WE SHARE YOUR INFORMATION WITH

We may share your personal information with any of our group affiliates, or with our agents, partners, client or contractors or professional advisers or government or regulatory bodies for the following purposes: (a) provide our services to clients or otherwise receive assistance in processing transactions; (b) fulfilment of requests for information, receiving and sending communications, updating marketing lists, analysing data; (c) provision of IT and other support or internal administrative business services; or (d) to facilitate the operation and effective management of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights (including dealing with any client matters that require escalation); (e) comply with a legal obligation or in connection with a legal claim or dispute or to otherwise protect our legal rights; and (f) assistance in other ancillary to the operation of tasks, from time to time. Our agents, partners and contractors will only use your information to the extent necessary to perform their functions.

We will not sell your personal information to other companies and we will not share it with other companies for them to use without your consent, except in the circumstances listed above or in connection with the sale or merger of FleishmanHillard or the division or office responsible for the services.

 

LEGAL BASIS

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you,
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests,
  • Where you have consented to a certain use of your personal information, or
  • Where we need to comply with a legal or regulatory obligation.

To the extent permitted under applicable laws, we will also process, transfer, disclose, and preserve personal information when we have a good faith belief that doing so is necessary.

In circumstances where we rely on consent we will ask for your consent at the point of collection.  Where we intend to further process your personal information, we may contact you to seek your consent for new purposes.

Our Cookie Policy describes additional uses of personal information.  We have a legitimate interest in ensuring that content from the Site is presented in the most effective manner for you and for your computer.

Where your personal information is completely anonymised, we do not require a legal basis to use it as the personal information will no longer constitute personal information that is regulated under data protection laws. However, our collection and use of such anonymised personal information may be subject to other laws where your consent is required.

Please see the next section for information relating to our legal basis for using personal information for marketing purposes.

 

USE OF DATA FOR MARKETING PURPOSES

We may use your personal information to form a view on what we think you may want or need, or what may be of interest to you.  We may provide you with marketing information about our products and services we feel may interest you:

  • if you have given your consent to receiving marketing material from us at the point we collected your information, where required by law, or
  • otherwise in our legitimate interests provided these interests do not override your right to object to such communications. In those cases, we believe that we have a legitimate interest in sending you marketing communications to provide you with the very best service we can and to optimize the benefits you receive from our business transactions with you.

We strive to provide you with opt out choices regarding your personal information uses, particularly around marketing and advertising. To see how you can opt out of marketing communications, please see the section entitled CHOICES AND MEANS.

We will get your express opt-in consent before we share your personal information with any company outside of FleishmanHillard and its related businesses for its marketing purposes.

 

COLLECTION FROM THIRD PARTIES

We also collect personal information about you from various third parties and public sources. We reserve the right to supplement your personal information with information we gather from other sources which may include information we gather from online and offline sources.

 

PERSONAL INFORMATION OF CHILDREN

We do not intend to or knowingly collect personal information from children.

 

DATA TRANSFER

We may transmit personal information outside the EEA and more specifically to: (1) our headquarters in St. Louis, Missouri, United States (“US”); (2) our different offices in the US and other locations globally; (3) our affiliated entities in the US or in other locations globally. Moreover, personal information might be sent to the following third parties in or outside the EEA:

  • Selected Third Parties: We will not disclose or share any personal information with any external entity or third party, except to travel professionals, to clients to illustrate experience and qualifications for business purposes or promotion or in order to provide our services, and to third party agents, partners or contractors who assist us as described above under PARTIES WE SHARE YOUR INFORMATION WITH.
  • Other Third Parties: We may be required to disclose certain personal information to other third parties: (1) as a matter of law (e.g. to tax and social security authorities); (2) to protect our legal rights; (3) in an emergency where the health or security of an employee is endangered (e.g. a fire); (4) to law enforcement authorities in accordance with the relevant legislation in the different EEA Member States including but not limited to legislation transposing EU/2016/1148 concerning measures for a high common level of security of network and information systems across the EU (the “Network Information Security Directive”).

In particular when transferring your personal information outside the EEA, we will ensure that, where required by applicable law, at least one of the following safeguards is implemented: (1) we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; (2) where we use certain service providers, we may use specific contracts approved by the European Commission referred to as the “model clauses” which give personal data the same protection it has in Europe; or (3) where we have partners or suppliers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

Please note that FleishmanHillard in the US complies with the Privacy Shield Principles of the EU-US Privacy Shield framework (“Privacy Shield”) issued by the US Department of Commerce and we have taken the necessary actions to register within the Privacy Shield framework. In this regard, we have adopted a separate US Privacy Policy describing our compliance with Privacy Shield Principles for data transferred from the EU to the US. This US Privacy Policy can be accessed at: www.fleishman.com.

Therefore, we may transfer your personal information outside the EEA:

  • In order to store it.
  • In order to enable us to provide goods or services to you and fulfil our contract with you. This includes order fulfilment, processing of payment details, and the provision of support services.
  • Where we are legally required to do so.
  • In order to facilitate the operation of our group of businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.

 

CONFIDENTIALITY AND SECURITY OF YOUR PERSONAL INFORMATION

We are committed to keeping the personal information you provide to us secure and we will take reasonable precautions to protect your personal information from loss, misuse or alteration.

To safeguard against unauthorized access to personal information by third parties outside our organization, all electronic personal information held by us is maintained on systems that are protected by up-to-date secure network architectures that contain firewalls and intrusion detection devices. The data saved in servers is “backed up” (i.e. the data are recorded on separate media) to avoid the consequences of any inadvertent erasure, destruction or loss otherwise. The servers are stored in facilities with high security, access protected from unauthorized personnel, fire detection and response systems. The location of these servers is known to a limited number of our employees.

We have implemented information security policies, rules and technical measures to protect the personal information that we have under our control from:

  • unauthorized access;
  • improper use or disclosure;
  • unauthorized modification; and
  • unlawful destruction or accidental loss.

All of our employees and data processors (i.e. those who process your personal information on our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of the personal information of all users of our services.

Information regarding job applications is encrypted and transmitted in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the URL. Only employees or third parties who need the information to process a specific request are granted access to personally identifiable information.

 

YOUR DATA PROTECTION RIGHTS

You have the right under certain circumstances:

  • To see the personal information we hold about you,
  • To request your data be corrected or erased where appropriate,
  • To restrict the processing of your personal information while we investigate your concern,
  • Where processing is based on your consent, to receive your personal information in a commonly used electronic format, or ask that we move your personal information in that format to another provider, where your request relates to the data that you gave us directly and where technically possible,
  • To object to your personal information being processed where we are relying on our or a third party’s legitimate interest to do so or for the purpose of direct marketing, and
  • To withdraw your consent at any time when processing relies upon consent.

Data subjects have the right to be provided with information as to the nature of the personal information we store or process about them, and to request deletion or amendments. These requests can be made verbally or in writing at our contact information provided in the section below entitled ENFORCEMENT RIGHTS AND MECHANISMS.  We will respond within one month to such requests.

If access is denied, data subjects have the right to be informed about the reasons for denial. Data subjects may use the dispute resolution described in the section entitled ENFORCEMENT RIGHTS AND MECHANISMS, as well dispute resolution available through a competent regulatory body or authority. We will handle, in a transparent and timely manner, any internal dispute resolution procedure relating to the collection and processing of personal information.

If any information is inaccurate or incomplete, a data subject may request that data be amended. It is every person’s responsibility to provide us with accurate personal information and to inform us of any changes (e.g. new home address or change of name).

If a data subject demonstrates that the purpose for which the data is being processed is no longer legal or appropriate, the data will be deleted, unless applicable law requires otherwise.

To exercise these rights, please contact us using the information provided in the following section of this Policy.

 

CHOICES AND MEANS

We generally offer you the opportunity to choose whether your personal information may be (a) disclosed to third-party controllers, or (b) used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by you. We obtain opt-in consent for certain uses and disclosures of sensitive data. Unless we offer you an appropriate choice, we use personal information only for purposes that are materially the same as those indicated in this Policy. To exercise your choices you may contact us as indicated in this Policy.

To opt-out of any further use of your personal data or from any future promotional or marketing communications or any other communications from us, you should send a request to us at the contact information in the section immediately below containing our contact details.  We will process your request within a reasonable time after receipt.  Please note that if you opt out in this manner, certain aspects of this Site may no longer be available to you.

We may share personal information with our affiliates and subsidiaries as described above under PARTIES WE SHARE YOUR INFORMATION WITH. We may disclose personal information without offering an opportunity to opt out, and may be required to disclose such information (a) to third-party processors we have retained to perform services on our behalf and pursuant to our instructions, (b) if we are required to do so by law or legal process, or (c) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. We also reserve the right to transfer personal information in the event of an audit or if we are sold or we transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).

 

ENFORCEMENT RIGHTS AND MECHANISMS

If you have any complaints regarding our privacy practices, you have the right to make a complaint at any time to your local supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach your supervisory authority so please contact us in the first instance.

We will ensure that this Policy is observed and duly implemented. All persons who have access to personal information must comply with this Policy. Violations of the applicable data protection legislation in the EEA may lead to penalties and/or claims for damages.

If at any time you believe that your personal information has been processed in violation of this Policy, or if you have any inquiries or complaints about the use or limitation of use of your personal information, you may contact the following individuals:

 

Contact in the EEA:

Ann Coyne
15 Fitzwilliam Quay
Dublin 4
Ireland
Email: yourprivacy@fleishman.com

 

Contact at our corporate headquarters:

Joseph Robertson
Senior Vice President
FleishmanHillard
200 No. Broadway
St. Louis, Missouri 63102
Email: yourprivacy@fleishman.com

We are committed to cooperate with the different national EEA Data Protection Authorities (“DPAs”) and to comply with their dispute resolution procedures in cases of complaints.  We are also committed to complying with any regulations or guidelines that DPAs may issue from time to time in accordance with EEA and Member State data protection legislation. We undertake to register and/or keep our registration updated as a data controller and/or processor in all jurisdictions where we maintain entities in the EEA.

We are also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

You may invoke binding arbitration to address complaints about our compliance with the Privacy Shield Principles.

Please note that in order for you to assert these rights, we may need to verify your identity to confirm your right to access your personal information.  This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. In order to verify your identity, we may need to gather more personal information from you than we currently have.

 

CONSENT

Where our use of your personal information requires your consent, you can provide such consent:

  • at the time we collect your personal information following the instructions provided; or
  • by informing us by e-mail, post or phone using the contact details set out in this Policy.

Please note that if you specifically consent to additional uses of your personal information, we may use your personal information in a manner consistent with that consent.

 

THIRD PARTY LINKS AND SERVICES

This Site contains links to third party websites and services. Please remember that when you use a link to go from our Site to another website or you request a service from a third party, this Policy no longer applies.

Your browsing and interaction on any other websites, or your dealings with any other third-party service provider, is subject to that website’s or third-party service provider’s own rules and policies. We do not monitor, control, or endorse the privacy practices of any third parties.

This Site may integrate with social networking services. You understand that we do not control such services and are not liable for the manner in which they operate.  While we may provide you with the ability to use such services in connection with our Site, we are doing so merely as an accommodation and, like you, are relying upon those third-party services to operate properly and fairly.

This Policy does not apply to these third-party websites and third-party service providers.

 

COOKIE POLICY

We use cookies and similar technologies to collect personal information from the computer or other device you use to access the Site. “Cookies” are pieces of information that may be placed on your device for the purpose of collecting data to facilitate and enhance your communication and interaction with our Site. We may also allow certain third parties to place cookies as described below.

We use cookies and other technologies on all our sites to ensure the best possible experience on our Site. These uses include:

  • We use analytical cookies to recognize and count users of our Site, measure the effectiveness of our content, and understand how visitors use our Site.  We currently use Google Analytics for this purpose.
  • We may place, or allow a third party to place, functional cookies to make a website easier to use, such as cookies that maintain a user’s session.

You can review your Internet browser settings to exercise choices you have for certain cookies. If you disable or delete certain cookies in your Internet browser settings, you might not be able to access or use important functions or features of this Site, and you may be required to re-enter your log-in details.

To learn more about the use of cookies for Google analytics, please visit the Google Analytics Opt-Out Browser Add-on at https://tools.google.com/dlpage/gaoptout/

 

DATA CONTROLLER

For purposes of EU data protection law, the data controller of the personal information that we control is the FleishmanHillard entity described in this Policy which processes the personal information.

We will respond diligently and appropriately to requests from DPAs about this Policy or compliance with applicable data protection privacy laws and regulations. Our employees who receive such requests should contact their human resources manager or business legal counsel. We will, upon request, provide DPAs with names and contact details of relevant persons. With regard to transfers of personal information between our entities, the importing and exporting entities will (1) cooperate with inquiries from the DPA responsible for the entity exporting the data and (2) respect its decisions, consistent with applicable law and due process rights. With regard to transfers of data to third parties, we will comply with DPAs’ decisions relating to it and cooperate with all DPAs in accordance with applicable legislation.

 

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?

We retain personal information only for as long as is necessary for the purposes described in this Policy, after which it is deleted from our systems.

Regarding personal information we have processed in connection with the supply of our services to clients, we may retain personal information relevant to our services for up to five years from the date of supply and in compliance with our obligations under the EU General Data Protection Regulation (or similar legislation around the world). We may then destroy such files without further notice or liability.

Regarding any other personal information we have processed, we may retain relevant personal information for up to three years from the date of our last interaction with the relevant individual and in compliance with our obligations under the EU General Data Protection Regulation (or similar legislation around the world). We may then destroy such files without further notice or liability.

If any personal information is only useful for a short period (e.g. for a specific event or marketing campaign or in relation to recruitment), we may delete it at the end of that period.

If you have opted out of receiving marketing communications from us, we will need to retain certain personal information on a suppression list indefinitely so that we know not to send you further marketing communications in the future.

 

ONWARD TRANSFERS

We might receive personal information under the Privacy Shield and subsequently transfer to a third party acting as an agent on our behalf. In such case, we remain liable if our agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless we are able to prove that we are not responsible for the event giving rise to the damage.

 

COMPLIANCE WITH THE PRIVACY SHIELD

FleishmanHillard complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.  FleishmanHillard has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

 

MODIFICATIONS TO THE POLICY

We reserve the right to modify this Policy as needed, for example, to comply with changes in laws, regulations or requirements introduced by DPAs. Changes must be approved by our privacy points of contact, the office of the corporate legal department, or their designees who will seek input as they reasonably deem appropriate from corporate executives for the amended Policy to enter into force. If we make changes to the Policy, this amended Policy will be submitted for renewed approval according to the relevant applicable provisions of the law. We will inform data subjects of any material changes in the Policy. We will post all changes to the Policy on relevant internal and external websites.

Effective with the implementation of this Policy, all existing and applicable EU company privacy guidelines relating to the collection and/or processing of personal information will, where in conflict, be superseded by the terms of this Policy. No other internal policy that conflicts with this Policy shall be applicable with respect to the protection of personal information handled by us in the EU. We encourage you to review this Policy periodically to be informed of how we use your personal information.