EU-US Data Privacy Framework
BCT Partners is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of information, covering both primary data collection and secondary data usage. By interacting with BCT Partners, you agree to the practices described in this policy.
Introduction
This Privacy Policy applies to information collected or processed by BCT Partners, including through our websites and in our data processing activities on behalf of our clients. It covers personal data we collect directly (primary data) and data we receive from other entities (secondary data).
Definitions
-
Primary Data: Personal data collected directly from individuals by BCT Partners.
-
Secondary Data: Personal data received from clients or other third parties for processing.
-
Personal Data: Any information relating to an identified or identifiable individual.
-
Children's Data: Personal data relating to individuals under the age of 18.
​​​
Information Collection
Primary Data Collection
We may collect the following types of personal data directly from individuals:
​
-
Contact Information: Name, email address, phone number, postal address
-
Demographic Information: Gender, age, employment details
-
Survey or Assessment Responses: Data collected through surveys or assessments
Secondary Data Usage
We receive secondary data from our clients, which may include:
​
-
Contact Information: Names, email addresses, phone numbers, postal addresses
-
Transactional Data: Details of transactions and interactions with clients
-
Demographic Data: Information about individuals' demographic characteristics
-
Children's Data: Personal data on children received in the course of specific projects (e.g., Maryland foster care, GEMMA Services)
-
Other Personal Information: Any other data provided by our clients
​
Use of Information
Primary Data
We use primary data for:
​
-
Providing and managing our services
-
Conducting evaluations, assessments and research
-
Communicating with you regarding our services
-
Improving our services and website
Secondary Data
We use secondary data strictly for the purposes specified by our clients, such as:
​
-
Data analysis and modeling
-
Developing scoring engines
-
Providing insights and recommendations
-
Supporting our clients' business operations
Disclosure of Information
We may disclose your personal data to:
​
-
Subsidiaries and Affiliates: For operational and business purposes
-
Service Providers and Contractors: Who perform services on our behalf
-
Legal Authorities: If required by law or to protect our legal rights
-
Third Parties: With your consent or as part of a business transaction (e.g., merger or acquisition)
​​
​
Children’s Privacy
​
Primary Data
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information.
​
Secondary Data
In certain circumstances, we do receive secondary data on children. This data is used strictly for the purposes specified by our clients and is protected with the highest level of security. Any access requests regarding children’s data should be directed to the client that provided the data. We will support our clients in responding to these requests as needed.
​​
​
Choices and Means
We are committed to protecting privacy and ensuring control over if and how personal data of our customers, employees, and partners is used. This policy outlines your choices regarding the collection, use, and disclosure of your information gathered at any time by our organization.
User Choices and Consent
Primary Data
You have the right to:
-
Access and Correct: Request access to your personal data and correct any inaccuracies
-
Opt-Out: Opt-out of receiving communications from us
-
Delete: Request deletion of your personal data
Secondary Data
For secondary data, since we act as a processor on behalf of our clients, any access requests should be directed to the client that provided the data. We will support our clients in responding to these requests as needed.
​
Accountability for Onward Transfer
We ensure that any personal data transferred to third parties is protected according to our high standards. Although we do not currently use third-party processors, should we engage with them in the future, they will be required to process personal data only for specified purposes and in accordance with our instructions. We will establish contracts with third parties to ensure they provide the same level of privacy protection as mandated by applicable data protection laws. We will also conduct regular audits and assessments to verify compliance and hold third parties accountable for any breaches or misuse of personal data.
​​
​
Security
We use appropriate technical and organizational measures to protect personal data from unauthorized access, use, and disclosure. These measures include:
​
-
Access Control Policy
-
Data Classification Policy
-
Information Security Incident Response Procedure
-
IT Audit Policy
-
Security Risk Assessment Policy
-
3rd Party Risk Management Policy
-
Information Privacy and Security Policy
-
Records Retention and Destruction Policy
-
Data encryption in OneDrive for Business and SharePoint Online | Microsoft Learn
​​
​
Data Integrity and Purpose Limitation
We ensure that personal data is reliable for its intended use, kept up-to-date, and retained only as long as necessary to fulfill the stated purposes. Personal data that is no longer necessary for the stated purposes will be securely destroyed or disposed of within 9 months of termination of its intended use, unless otherwise specified in the contract. If requested, we can provide a certificate of destruction. Regular reviews and updates of our data practices are conducted to ensure compliance with these principles.
​​
​
Access
We recognize the importance of transparency and individual rights concerning personal data. However, we do not provide direct access to personal data if the burden and expense of doing so are disproportionate to the risks to the individual's privacy. This decision is made to ensure that resources are allocated efficiently while still respecting privacy rights. In such cases, we will assess requests individually and strive to provide relevant information through alternative, cost-effective means that mitigate any potential risks to privacy.
​​
​
Data Privacy Framework Compliance
BCT Partners complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and adheres to its principles regarding the processing of personal data received from the European Union. Our compliance with the EU-U.S. DPF is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. For more information about the EU-U.S. DPF and to view our certification, visit https://www.dataprivacyframework.gov/.
​​
​
Onward Transfer Liability
BCT Partners remains liable under the Data Privacy Framework Principles if third-party processors process personal data in a manner inconsistent with the principles, unless we can prove we are not responsible for the event giving rise to the damage.
​​
​
Use of Cookies
We use cookies and similar technologies to improve our website and services. Cookies are small files stored on your device that help us recognize your browser and capture certain information. You can control cookie preferences through your browser settings.
​​
​
External Links
​
Our website may contain links to external sites. BCT Partners is not responsible for the privacy practices or content of these external sites.
​​
​
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on our website. Your continued use of our services after any changes indicates your acceptance of the new terms.
​​
​
Contact Information
If you have any questions or concerns about this Privacy Policy, please contact us at:
-
Email: privacy@bctpartners.com
For more information about our privacy practices or to make a complaint, please contact us using the details above.
​​
​
Dispute Resolution
In compliance with the EU-U.S. DPF, BCT Partners commits to resolving complaints related to our collection and use of your personal information. We have agreed to participate in a dispute resolution process with JAMS as our independent dispute resolution provider. If you have any complaints or inquiries, please contact us at privacy@bctpartners.com. If we cannot resolve your complaint, you may contact JAMS for further assistance.
​​
​
Binding Arbitration
Under certain conditions, you may invoke binding arbitration if your complaint has not been fully resolved through the other DPF recourse mechanisms. This arbitration process is outlined in Annex I of the EU-U.S. DPF Principles, and BCT Partners is obligated to follow these terms. To invoke this right, you must notify us and follow the procedures specified in Annex I.
​​
​
Recourse
​​
Please fill out this form.