Online Privacy Statement
May 2024 version
For the French version, click here.

1. Foreword

Terms used in this privacy policy that begin with a capital letter shall have the definition given to them in the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

“BGC” (“we” or “our”) refers to Baldwin Global Consulting SAS, a private limited company (Société par actions simplifiéé) incorporated in France, with registered office at 7 avenue du Général Leclerc, 75014, Paris.
“Sites” means BGC websites and applications subject to this policy and accessible from a web browser. Links to other websites and applications are not subject to this policy.

The user acknowledges and accepts that risks are involved in using the internet and takes the needed measures to protect the user’s equipment. BGC cannot be held liable for any resulting damages.
BGC strives to maintain continuous access to its Sites. However, BGC may suspend or delete access to its Sites at any time without any prior notification needed. BGC shall not be held liable if it becomes impossible to access one or several of its Sites.

1.1. Why this policy?

In accordance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the amended French Act n°78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, BGC undertakes to ensure the appropriate security and confidentiality of Personal Data.

BGC is aware of its duties and obligations and consistently strives to ensure that your data is used responsibly.

In this policy we would like to explain, in all transparency, the way your data is treated by BGC when you visit our Sites. We explain the reasons for collecting your personal data, the categories of data used, who has access to your personal data and the period for which your personal data is stored.

This document also contains information relating to your rights and how you can exercise them.

1.2. Policy scope and limitations

This policy is for users of our Sites and does not cover data treatment relating to clients, prospects, suppliers, partners, subcontractors or job applicants.

1.3. Information in this policy

In this policy, you have access to the following information:

  • Purposes of data processing - Why are we collecting your data?
  • Legal basis for processing - What gives us the authorisation to collect your data?
  • Categories of data processed - What data do we collect?
  • Categories of data recipients - Who can access your data?
  • Storage periods - How long do we store your data?
    This policy also contains additional information relating to the processing of your personal data, including:
  • Transfers of personal data outside of the European Economic Area,
  • Automated decision-making,
  • Data processing pertaining to minors,
  • Security measures in place,
  • Your rights and how you can exercise them.

Thanks to the interactive table of contents, you can quickly get to the information you are looking for.

1.4. Who processes your personal data?

Personal data means all information relating to you as an individual. You are identifiable once such data is collected.

An individual may be identified by a single item of data (your surname, for example) or by combining several items of data.
BGC may collect and use your personal data through the Sites at your disposal.

When performing our engagements, BGC acts as Data Controller.
Consequently, we determine the main objective for use of your personal data and the means for achieving that objective.
To provide our services, BGC may use suppliers or service providers who will act as Processors.

2. Purposes of data processing

Why are we collecting and using your data?
When you browse our Sites, we collect your personal data, either through cookies and “tracking cookies” or forms filled in online.

2.1. Cookies

When you browse our Sites, if you have given your prior consent, cookies may be left and stored on your device to:

  • Ensure that our Sites function smoothly,
  • Measure Site performance and improve your experience,
  • Show personalised advertising based on your browsing history,
  • Let you share content on social media or on our Site platforms.

Our Sites are regularly audited for compliance and, in particular, meet the obligation to inform you and to obtain consent before leaving cookies on your device.

To configure your cookies, go to your data privacy preferences at the bottom of the page on our Sites (“Cookie Preferences”).

2.2. Asking for information and interacting on our Sites

In contact forms and discussion areas on our Sites, you might provide personal data to:

  • Receive information on our services,
  • Receive our newsletter,
  • Be informed of an upcoming event or webinar,
  • Download documents like studies, guidance, press kits, reports, institutional documentation or webinar resources,
  • Share your experience as a BGC client.

3. Legal basis for processing

What gives us the authorisation to collect your personal data when you browse our Sites?

In accordance with Article 6 of the GDPR, BGC is authorised to collect and use your personal data for the above-mentioned purposes based on:

  • Your consent when you browse one of our Sites, fill out a contact form, sign up for a newsletter, share your experience, or sign on to your user account,
  • Our legitimate interest in providing information on our service offers, and events,
  • Our legal obligation to implement a whistleblowing system under French Law 2016-1691 of 9 December 2016 on Transparency, Anti-Corruption, and Economic Modernisation.

4. Categories of Personal Data

What data do we process when you browse our Sites?
When you browse our Sites or send a request form, BGC processes:

  • Personal data memorised by cookies and tracking cookies,
  • Identification (title, surname, first name),
  • Contact details (professional email address, mailing address, telephone number),
  • Data to process your request (type of request and details).

No sensitive data within the meaning of Article 9 of the GDPR is collected intentionally. However, you may send us such data when filling out a form or attending one of our events. In deciding to provide sensitive personal data in this way, you consent for it to be collected and processed.

5. Categories of data recipients

Who can access the data we collect when you browse our Sites?
The following persons are authorised to access your personal data when you browse our Sites:

  • BGC employees you contact through online forms,
  • Our suppliers, partners and service providers, if needed by us.

6. Storage period

How long may we keep the data we collect when you browse our Sites?

  • Personal data memorised by cookies and tracking cookies are kept no longer than needed for the purposes for which they are processed.
  • Personal data collected for communication campaigns is stored in the CRM tool until you withdraw your consent or three years after your last contact with BGC, after which it is deleted. If you refuse to receive marketing messages from us, we keep a record of that choice to comply with it.

We may keep your personal data for a longer period if so required by law or legislation or to establish, exercise or defend our legal rights. If there are no claims requiring the exercise of these rights before a court, your personal data will be deleted at the end of the aforementioned period.

At the end of the storage period, your personal data are securely deleted, following our policies and the standards governing BGC's activities.

7. Transfers outside of the EEA

Is your personal data transferred outside the European Economic Area?
By default, BGC chooses the European Economic Area for the processing of personal data entrusted to it.
However, the Personal Data entrusted to us may be transferred to our suppliers, partners and service providers.

8. Automated decision-making

Are any wholly automated decisions made using your personal data?
A wholly automated decision is one based solely on algorithms applied to your personal data, without any human involvement.

9. Data processing pertaining to minors

Is any data pertaining to minors collected on our Sites?
Our offers and services are not intended for minors under age fifteen (15), so our Sites are not meant to be used by minors either. If you are less than 15 years old, please do not provide any personal data. If you think that you unwittingly provided personal data, ask your parents or legal guardians to inform us and we will delete your personal data.

10. Security measures

How do we protect your personal data?
Generally, BGC undertakes to maintain a safe, reliable environment for personal data and confidential information entrusted to it.

11. Exercising your rights

What are your rights to control your personal data and how can you exercise them?

Your rights

In accordance with the regulation in force, BGC enables you to exercise your rights:

  • Right of access (Art. 15 of the GDPR): You can ask us whether or not we have any data concerning you, and to send it to you to verify the content and whether or not it is accurate.
  • Right to rectification (Art. 16 of the GDPR): You can ask us to rectify incorrect or incomplete information concerning you.
  • Right to erasure or “right to be forgotten” (Art. 17 of the GDPR): You can ask for personal data concerning you to be erased.
  • Right to restriction of processing (Art. 18 of the GDPR): You can ask for the use of some of your personal data to be temporarily suspended.
  • Right to data portability (Art. 20 of the GDPR): You may receive part of your data in an open, commonly-used format in order to transfer it to a third party of your choice, in order to reuse it for other purposes.
  • Right to object (Art. 21 of the GDPR): At any moment, you may object to BGC's use of some of your data.
  • Right to withdraw consent (Art. 7 of the GDPR): If BGC uses your personal data with your prior consent, you may withdraw this consent at any time. After you withdraw your consent, BGC will no longer use your data.
  • Right to “digital death” (Art. 85 of the French Act on Data Processing, Data Files and Individual Liberties): You can give instructions regarding the storage, erasure and communication of your personal data after your death.
  • Right to file a complaint with the French data privacy board, CNIL (Art.12 of the GDPR): If you notice a breach in the processing of your personal data, please contact us, so that BGC can deal with your request as soon as possible. If we do not answer within one month, you may file a complaint with the French data privacy board (Commission Nationale de l’Informatique et des Libertés or CNIL).
    How to exercise your rights
  • To exercise your rights and send us a complaint, or if you have any questions or comments on this privacy policy, you can contact us at matt@baldwinglobalconsulting.com.

BGC’s rights and obligations

BGC has one month to reply after it receives your request to exercise a right. This period may be extended by two months depending on the complexity and number of requests received. If this happens, we will inform you of this delayed reply and explain why within one month of receiving your request. When you make your request, you will be asked to provide ID to keep your data secure and confidential.

BGC can refuse your request to exercise a right if you do not provide ID, or in the cases outlined in the GDPR (unfounded request, infringement on third party rights, compliance with a confidentiality obligation, etc.). If this happens, we will explain why we refuse.
Finally, BGC reserves the right not to reply to requests that are manifestly unfounded or excessive because of their number or repetitive or systematic nature.

12. Changes and updates

This policy may be modified to reflect our current data privacy practices. The date of the latest update is shown at the top of this page. The latest version of the privacy policy is binding.