Posting Date: November 1, 2022
Effective Date: November 1, 2022
1. ABOUT US
We are a provider of investigative and business intelligence services. Our contact details are laid out in Section 3 (“Contact Us”), below.
We collect, use, and are responsible for certain personal data about you. We are subject to the laws and regulations of the State of Illinois and the United States. However, in relation to individuals who reside within the European Economic Area (“EEA”) or the United Kingdom (“UK”), we may be subject to the European Union (“EU”) General Data Protection Regulation (“GDPR”), which applies to the processing of personal data in the European Union, and Data Protection Act 2018 (“DPA”), which applies to the processing of personal data in the UK. To the extent we are subject to the GDPR or DPA, we may be responsible as a “controller” of personal data for the purposes of those laws.
2. OUR WEB SITE
Our Site is not intended for use by children (those under the age of 18), and we do not knowingly collect or use personal data relating to children.
Please note that the Site may contain links to third-party websites. Please be aware that Axium is not responsible for the privacy practices of such third-party websites. We encourage users of the Site to be aware when they leave the Site and to read the privacy policies or statements of every website that collects personally identifiable information.
3. CONTACT US
Our contact details are:
|Postal address:||Axium Consulting LLC, 33 North Dearborn Street, Suite 370, Chicago, IL 60602|
4. PERSONAL DATA WE COLLECT
We may collect, hold, use, store, and transfer the following different types of personal data about you:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, and gender.
- Contact Data includes billing address, delivery address, email address and telephone numbers, and company name and address.
- Financial Data includes bank account details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (“IP”) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes purchases or orders made by you, your interests, preferences, feedback, and survey responses.
- Usage Data includes information about how you use our website, products, and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We do sometimes collect sensitive personal data about you, such as criminal convictions and charges, civil litigation history, and driving infraction history.
We require this personal data to provide our services. If you do not provide this personal data, it may delay or prevent us providing such services.
5. HOW WE COLLECT YOUR INFORMATION
At several places on the Site, or via direct interactions we have with you, Axium may collect certain personal data you voluntarily provide. For example, when you fill out a form or by correspondence with us by mail, phone, email, or otherwise, we or one of our vendors on our behalf may collect Identity Data and Contact Data including your name, phone number, email address, and any information you provide in a message or comment field. If a vendor collects your personal data, such vendor may share all or part of your personal data with us.
We may also collect information from:
- Publicly accessible sources, such as company registrars, tax authorities, court records, government-maintained databases, licensing authorities, and regulators;
- Directly from a third party such as a credit reporting agency or due diligence provider; and
- From a third party with your consent, such as HR departments of previous employers, university registrars, government-maintained databases, licensing authorities, and regulators.
When accessing, browsing, or using the Site, our software may automatically collect certain information, including Technical Data and Usage Data, from your device (e.g., computer, smartphone, or tablet) using “cookies”, “web browsers”, and other tracking techniques, or by collecting platform information from our servers.
Cookies and Web Beacons
“Cookies” are small data files locally stored on the device used to access the Site (e.g., computer, smartphone, or tablet). A “session cookie” expires immediately when you end your session (i.e., close your browser). A “persistent cookie” stores information on the hard drive so when you end your session and return to the same website at a later date, the cookie information is still available.
“Web beacons” are electronic images that we or our vendors may use in the Site or in emails to deliver cookies, count visits, understand Site usage, and/or evaluate the effectiveness of marketing campaigns.
Axium and our vendors may use one or more of the above-described cookies and web beacons to facilitate access to various features of the Site, distinguish you from other visitors, track your IP address and usage of our site, and identify the name of the website from which you linked to our website. We do not otherwise track any information about your use of other websites. Non-personal data or anonymized/pseudonymized information obtained through cookies and web beacons may be shared with or obtained by vendors on our behalf.
When you visit the Site, we may use both a session and a persistent cookie. This placed cookie may contain information (such as a unique user ID) that is used to track your usage of the Site and in some cases, your email address. Your email address is not saved in this cookie. The web beacon allows us to capture certain additional types of information about a visit’s actions on a website, such as a visitor’s cookie number, the time, date, duration, and number of page views; a description of the page where the web beacon is placed; and the details about any items that were purchased.
You can disable cookies at any time by using your browser options. You may still use the Site if you reject, block, and/or delete our vendors’ or our cookies, but please note that you may not be able to access some areas or features of the Site.
There is currently no consensus among industry participants as to what “Do Not Track” means and how to respond to “Do Not Track” browser signals. As such, we do not respond to such signals. Instead, you can disable certain tracking features as noted above and/or opt-out of advertising by emailing us (firstname.lastname@example.org).
When you visit the Site, our Site may automatically record certain information about the device (e.g., a computer or mobile device) you used to access the Site. Such information, often referred to as “log file” information, may include your device’s IP address, operating system name and version, and browser name and version, as well as the referring URL, number of times your device has accessed the Site, pages of the Site you viewed, links you clicked, and other information about your visit to and use of the Site.
6. WHY WE COLLECT YOUR PERSONAL DATA
Axium is committed to processing your personal data in accordance with applicable data privacy laws and with transparency and fairness.
If you are a resident of the EU or UK, we can only use your personal data if we have a proper reason for doing so, for example:
- To comply with an applicable law or regulation;
- To take steps at your request before entering into a contract or to fulfill a contractual obligation;
- For our legitimate interests or those of a third party, where we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests; or
- Where we have your consent to process and use your personal data.
Axium may use your personal data in the ways and for the purposes and reasons set out below:
|To conduct background investigations on you, including:
· Via publicly accessible sources, such as company registrars, tax authorities, court records, government-maintained databases, licensing authorities, and regulators;
· Directly from a third party such as a credit reporting agency or due diligence provider; and
· From a third party with your consent, such as HR departments of previous employers, university registrars, government-maintained databases, licensing authorities, and regulators.
|To perform our obligations under a contract or client engagement.|
|To provide our services, for example:
· To register a new client;
· Provide our services to clients;
· Respond to a message or comment; and
· To manage our relationship with you and our clients.
|To perform our obligations under a contract or client engagement.|
|To manage payments, fees, and charges, and to collect and recover money owed to us.||To complete a transaction, comply with legal obligations, and for our legitimate interest in recovering debts due to us.|
|To prevent and detect suspicious financial transactions and fraud.||For our legitimate interests or those of a client or third party, to minimize fraud or other violations of laws or regulations that could be damaging for us, others and/or you.|
|To prevent and investigate fraud or other violation of laws or regulations.||For our legitimate interests or those of a client or third party, including to identify and mitigate fraud or other violations of laws or regulations that could be damaging for us, others and/or you.|
|To conduct checks for identity purposes, screening for financial and other sanctions and embargoes, and any other processing necessary to comply with professional, legal, and regulatory obligations that apply to our business or those of our clients. Other processing necessary to comply with professional, legal, and regulatory obligations that apply to our business or those of our clients, such as under rules issued by financial or professional regulator.||To comply with our legal and regulatory obligations or those of our clients.|
|To gather and provide information required by or relating to audits, inquiries, or investigations by regulatory bodies.||To comply with our legal and regulatory obligations.|
|To prevent unauthorized access and modifications to systems.||For our legitimate interests or those of our clients or a third party, i.e., to prevent and detect criminal activity that could be damaging for us and you.
To comply with our legal and regulatory obligations.
|To update client records and for any other management and administrative purposes.||To perform our obligations under a contract or client engagement or to take steps before entering into a contract or engagement.
To comply with our legal and regulatory obligations.
For our legitimate interests or those of our clients or a third party, such as making sure that we can keep in touch with our clients about existing and new services.
|To contact you about your use of the Site or about our programs, services, products, activities, special events, or other news that may be of interest to you and for otherwise marketing our services to you and existing and former clients; third parties who have previously expressed an interest in our services; and third parties with whom we have had no previous dealings.||For our legitimate interests and those of a third party, i.e., to promote our business to existing and former clients.|
|To notify you about changes to our terms or privacy notice.||To perform our obligations under a contract or to take steps before entering into a contract. To comply with our legal and regulatory obligations.|
|To perform a task in the public interest or in the exercise of official authority vested in us.||To comply with our legal and regulatory obligations.
For our legitimate interests or those of a third party, e.g., maintaining our reputation.
|To carry out analysis and market research; for example, we might ask you to leave a review or take a survey.||For our legitimate interests or those of a third party, e.g., to study how clients use our products/services to develop them and grow our business.|
|For purposes of website improvement, products, and services, including to monitor and analyze usage of the Site.||For our legitimate interests or those of a third party, e.g., to define types of clients for our products and services, to keep our website updated and relevant, to develop our business, and to inform our marketing strategy.|
Generally, we do not rely on consent as a legal basis for processing your personal data, other than where we are required to do so by law, including in relation to sending third-party direct marketing communications to you via email or text message (see Direct Marketing below) or where we process sensitive personal data (such as criminal convictions). Where consent is needed, we will ask for it separately and clearly.
7. DIRECT MARKETING
We may use your personal data to send you updates (by email, text message, telephone, or mail) about our services. We have a legitimate interest in processing your personal data for such purposes. This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly. You have the right to opt out of receiving promotional communications at any time by emailing us at email@example.com. You may opt out of such except to the extent such information is necessary to complete any services or transactions you have entered into or as required by law.
8. CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
9. HOW WE SHARE PERSONAL DATA WITH THIRD PARTIES
We may provide aggregate information (i.e., information collected from you that does not allow you to be personally identified or contacted) to third parties without your authorization, such as information about your access and use of the Site.
To best serve our clients, we may also disclose personal data you provide to independent contractors, vendors, service providers, or consultants who are engaged by or working with Axium and who need access to such information to carry out their programs or services. We may collaborate with other vendors or organizations to provide specific programs or services and will share information with them in order to facilitate their provision of such programs or services. For example, we may need to share such information with a third-party vendor in another jurisdiction to conduct investigations on our behalf to assist us with providing our services. We may also disclose personal data we have collected if we are required to do so by law or if in our good faith judgment, such action is reasonably necessary to comply with legal process, to respond to any claims, or to protect the rights of Axium.
Any third-party recipients of your personal data are contractually restricted from using it in any manner other than to help Axium provide its products and services.
We will not share your personal data with our business partners or vendors for their direct marketing purposes.
We will share personal data with law enforcement or other authorities if required by applicable law.
Our servers, storing and keeping your information secure, are located in the United States.
For the purposes outlined above, we may need to send information provided to us by individuals in the EEA or UK internationally, including to countries outside the EEA and UK (respectively), for example, in order to share it with our service providers and vendors or where there is an international dimension to the services we are providing. For example, we may need to share personal data with vendor sub-contractors based in another country and conducting investigations on our behalf in that jurisdiction. These transfers are subject to special rules under European and UK data protection laws. This means that we can only transfer your personal data to a country or international organization outside the EEA or UK (depending on where you reside) where:
- The European Commission/UK Information Commissioners Office (as appropriate) has issued a formal decision in relation to a country or organization to the effect that it provides an adequate level of data protection similar to that which applies in the EEA/UK (an “adequacy decision”);
- There are appropriate safeguards in place, together with enforceable rights and effective legal rights for data subjects; or
- A specific exemption applies under the relevant data protection laws.
10. HOW WE PROTECT YOUR PERSONAL DATA
Axium is committed to maintaining up-to-date and appropriate security measures and safeguards. We have put in place and maintain a variety of physical, electronic, and procedural safeguards to help prevent loss or alteration of, unauthorized access to, and improper use of your personal data. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We want you to feel confident in our security when using the Services, but we cannot guarantee the security of any information from or about you 100% of the time. Please refer to the U.S. Federal Trade Commission’s website for information on how to protect yourself from identity theft.
Privacy by design
When new data processing systems are introduced, we ensure a high standard of data protection. Particularly, any new systems and processes must comply with the following principles:
- Technical and organizational measures must be taken to ensure systematic and secure life cycle management of personal data from collection to processing to deletion;
- Data processing systems must be aimed at collecting as little personal data as necessary to fulfill the purpose for which the data was collected;
- Where anonymizing the data does not inhibit the data processing purpose, personal data must be rendered anonymous in a way that the data subject is no longer identifiable;
- Where personal data cannot be anonymized, security measures appropriate to the nature of the data must be taken, such as encryption, partial redaction, or access restriction;
- Access to personal data shall be granted according to the “need-to-know” principle, meaning that personal data shall only be made accessible to those persons who require it to perform their assigned roles and responsibilities;
- Systematic quality checking of personal data must be part of data life cycle management to ensure high data quality. In particular, processes must be established to detect and correct false or incomplete personal data;
- Data processing systems must be adequately protected from unauthorized access through technical and organizational measures; and
- Data subjects must be provided with transparent, user-friendly, and effective means of control concerning their personal data.
Privacy by default
We set up data processing systems in a way that the strictest privacy settings apply automatically. We permit more extensive processing of your personal data only if you give us explicit consent.
11. RETENTION OF YOUR INFORMATION
We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any of our contractual, client engagement, legal, regulatory, licensing, accounting, or reporting obligations. We will retain your personal data for as long as necessary:
- To respond to any questions, complaints, or claims made by you or on your behalf;
- To show that we treated you fairly; or
- To keep records as required by law.
Different retention periods apply to different types of personal data. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data; the potential risk of harm from unauthorized use or disclosure of your personal data; the purposes for which we process your personal data and whether we can achieve those purposes through other means; and the applicable legal requirements.
When it is no longer necessary to retain your personal data, we will delete it.
12. YOUR RIGHTS
If you are resident in the EEA or UK, in relation to your personal data, you have the rights (which you can exercise free of charge) to:
- Request access to (i.e., be provided with copies of) personal data we hold about you (usually exercised by submitting a “data subject access request”).
- Request correction of personal data we hold about you (though we may need to verify the accuracy of any new data you provide to us). It is important that the personal data we hold about you is accurate and current so please do let us know if your personal data changes during your relationship with us by emailing firstname.lastname@example.org.
- Request erasure of your personal data (i.e., ask us to remove or delete it), e.g., where there is no good reason for us to continue processing it, if you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data:
- Where we are relying on a legitimate interest (of our own or a third party) and you feel it impacts on your own interests (i.e., fundamental rights or freedoms); or
- Where we are processing your personal data for direct marketing purposes (including profiling).
- Request restriction/suspension of processing of your personal data – e.g.,:
- To ask us to establish the data’s accuracy;
- Where our use of the data is unlawful but you do not want us to erase it;
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- Where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party you have chosen in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Not be subject to automated individual decision making. This relates solely to automated processing (including profiling) that produces legal effects concerning you or similarly affects you.
You can obtain further information about these rights including the circumstances in which they apply via the UK Information Commissioner’s Office and the EU Commission’s websites.
Data subject access requests
You will not have to pay a fee to access your personal data (or exercise any of your other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded, repetitive, or excessive or if additional copies of your personal data are requested. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Exercising your legal rights
If you wish to exercise any of the rights set out above, please:
o Contact us using the details above;
o Let us have enough information to identify you (e.g., your full name, address, and date of birth);
o Provide us with proof of your identity and address (a copy of your driver’s license or passport or a recent utility or credit card bill); and
o Let us know the information to which your request relates.
If you are an EU or UK citizen, you have the right under the GDPR and UK data protection laws to make a complaint at any time to the supervisory authority for data protection issues in the country in which you work, normally live, or if any alleged infringement of relevant data protection laws occurred there.
We would appreciate the chance to resolve any query or concerns you may have before you approach the relevant data protection authority, so please do contact us in the first instance using the contact details above.