The Cumming Management Group, Inc. Website Privacy Policy

Click here for a PDF version of this policy.
Effective Date: November 14, 2024

This Privacy Policy (“Policy”) describes how the Cumming Management Group, Inc. (“we” or “Cumming Group”) collects, uses, shares, and protects information when you interact with our website (https://www.cumming-group.com) (the “Site”).

When we say “we,” we mean the Cumming Management Group, Inc., who will act as a data controller for your personal data. The address for the Cumming Management Group, Inc. is 276 Post Road West, Westport, CT 06680, United States of America.

This Privacy Policy explains the following:

  • The Information We Collect
  • Our Legal Basis for Collecting Personal Information
  • How We Use Your Information
  • How We Share Your Information
  • How We Protect and Store Your Information
  • Our Retention of Your Information
  • Opt-Out Choices
  • No Use by Children
  • Links to Unaffiliated Third-Party Websites
  • How to Contact Us
  • Your Privacy Rights
  • Jurisdiction Specific Notices
  • Cross-Border Transfer of Personal Information
  • Updates to this Privacy Policy

1. The Information We Collect

We may collect information about you by the following means:

  • Directly from you, when you provide information to us or interact with us;
  • Automatically from you, when you utilize or interact with our Site;
  • From online advertising companies who may share information about the marketing and advertisements you have seen or clicked on, and other sources of publicly available data;
  • From other third party sources such as our, vendors, suppliers, contractors or business partners.

We may collect the following categories of information:

  • Contact information and any other information you choose to include when you sign up to receive information about our services or communicate with us via e-mail, mail, or other channels. This information may include name, e-mail address, company name, mailing address, fax numbers, and phone numbers;
  • Online user activity described in the next section;
  • Legally Required Information that may be required by laws that apply to Cumming Group.

When you interact with the Site, certain information about your use of our Site is automatically collected. This includes:

  • Usage details about your interaction with our Site (such as the date, time, and length of visits, and specific pages or content accessed during the visits, search terms, frequency of the visits, referring website addresses);
  • Device information including the IP address and other details of a device that you use to connect with our Site (such as device type, operating system, browser type, and mobile network information);
  • Location information where you choose to provide the Site with access to information about your device’s location; and
  • Site usage information. We collect information about your interaction with the Site, including the pages viewed and how you reached our Site.

Much of this information is collected through cookies, web beacons, and other similar technologies, which may be operated by our analytics and marketing partners who assist us in serving ads or providing other services to you.

Your browser may allow you to disable cookies, or the cookie providers listed may provide an opt-out tool. Also, the following websites provide useful information about cookies, and may permit you to control the use of cookies by certain third parties: http://www.networkadvertising.org and http://www.aboutads.info.

Like most websites, we use Google Analytics to collect and process certain website usage data. To learn more about Google Analytics and how to opt out of personalized ads from Google, see https://tools.google.com/dlpage/gaoptout.

Note that, when you opt out of personalized advertising, you may continue to see online advertising on the Site and/or our ads on other websites and online services. Please remember that if you do choose to disable cookies, you may find that certain sections of our Site do not work properly.

Our Site does not respond to browser do-not-track signals.

2. Our Legal Basis for Collecting Personal Information

Whenever we collect Personal Information from you, we may do so on the following legal bases:

  • If we have your consent;
  • To perform our agreement with you;
  • Our legitimate interest, including but not limited to the following circumstances where collecting or using Personal Information is necessary for:
    • Intra-organization transfers for administrative purposes;
    • Services development and enhancement, where the processing enables Cumming Group to enhance, modify, personalize, or otherwise improve our services and communications for your benefit;
    • Communications and marketing, including processing data for direct marketing purposes, and subject to your opt-in for these purposes, and to determine the effectiveness of our promotional campaigns and advertising;
    • Fraud detection and prevention;
    • Enhancement of our cybersecurity, including improving the security of our network and information systems; and
  • General business operations and diligence;
  • To comply with a legal obligation to which Cumming Group is subject.

By “legitimate interests” we mean our interests in conducting and managing our business activities and to ensure that we are guaranteeing the best service for you. Where we use your information for our legitimate interests, we make sure that we take into account the potential impact that such use may have on you. We won’t use your information if we believe your interests should override ours, unless we have other lawful grounds to do so (such as your consent or if we have a legal obligation).

3. How We Use Your Information

We use the information we collect from you for the following purposes:

  • Provide our Site to you;
  • Respond to your requests for updates, comments, and questions;
  • Monitor the performance of our Site including metrics such as total number of visitors, traffic, and demographic patterns;
  • Interact with you, including to notify you with updates regarding our tests and products and to inform you about important changes to this Policy and other policies;
  • Tailor the content we display to you in our Site and communications, including advertising;
  • Manage, operate, and improve the Site, including our understanding of our readers and the effectiveness of our marketing, and diagnose or fix technology problems;
  • Comply with legal requirements and industry standards, detect, investigate, and prevent activities that may violate our policies or be fraudulent or illegal, and protect the rights of Cumming Group, you, or others;

We may use and share information in an aggregated or de-identified manner at our discretion, including for research, analysis, modeling, marketing, and improvement of our Site.

4. How We Share Your Information

  • Vendors, and Service Providers. We may share information with service providers that we believe need the information to perform a research, business, or other professional function for us such as website operation, maintenance and hosting of our Site, business partners, accounting, auditing, and tax services, and other professional services.
  • Merger, sale, or other asset transfers. We reserve the right to transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets, or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Policy.
  • Legal. We share information where necessary to comply with applicable law, to respond to requests from law enforcement agencies or other government authorities or third-parties, as permitted by law and without your consent when it is necessary to protect our customers, employees, or property; in emergency situations; or to enforce our rights under our terms of service and policies.

5. How We Protect and Store Your Information

As a general rule, we keep your data for only as long as it is needed to complete the purpose for which it was collected or as required by law.

We use a combination of physical, technical, and administrative safeguards to protect the information we collect through the Site. While we use these precautions to safeguard your information, we cannot guarantee the security of the networks, systems, servers, devices, and databases we operate or that are operated on our behalf.

6. Our Retention of Your Information

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.

7. Opt-Out Choices

Email Marketing. If at any time you no longer wish to receive marketing communications from us, you can click the unsubscribe link at the bottom of the relevant email or email us as privacy@cumming-group.com.

8. No Use by Children

We do not knowingly or intentionally gather personal information about children who are under the age of 13. If a child has provided us with personal information, a parent or guardian of that child may contact us at privacy@cumming-group.com to have the information deleted from our records. If we learn that we have inadvertently collected the personal information of a child under 13, or equivalent minimum age depending on jurisdiction, we will take steps to delete the information as soon as possible and cease the use of that information in accordance with applicable law.

9. Links to Unaffiliated Third-Party Websites

The Site may contain links to unaffiliated third-party websites. This Policy does not apply to the practices of such other websites, and we are not responsible for the actions and privacy policies of the third parties that operate or interact with those websites.

10. How to Contact Us

If you have questions about this Policy or if you would like to make a suggestion about our privacy practices, please send an email to privacy@cumming-group.com.

11. Your Privacy Rights

Certain jurisdictions have specific legal requirements and grant privacy rights with respect to personal information, and we will comply with restrictions and any requests you submit as required by applicable law. For example, you may have the right to: (1) obtain a copy of personal information we maintain about you in a portable format; (2) correct inaccuracies or incompletion in your personal information; (3) object to the continued processing or use of your personal information; (4) complain to a supervisory authority; (5) or request that personal information be deleted. You may also have the right to not be discriminated against for exercising your privacy rights. If you are a resident of California in the United States, the European Economic Area, Switzerland or United Kingdom, see our “Jurisdiction-Specific Notices” section below for additional information as to how to exercise rights under the laws of those jurisdictions. If you are located outside that jurisdiction and seek to exercise your rights under the law of another jurisdiction, please contact us by emailing privacy@cumming-group.com.

To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to the information. When you make a request, we may require that you provide information and follow procedures so that we can verify your identity (and the applicable jurisdiction). The verification steps we take may differ depending on your jurisdiction and the request. Where possible, we will attempt to match the information that you provide in your request to information we already have on file to verify your identity. If we are able to verify your request, we will process it. If we cannot verify your request, we may ask you for additional information to help us do so. We will respond to your request within the time period required by applicable law. However, we may not always be able or required to comply with your request, in whole or in part, and we will notify you in that event.

12. Jurisdiction Specific Notices

(a) European, Swiss and United Kingdom Residents

The European Union’s General Data Protection Regulation (“GDPR”), and corresponding legislation in the UK and Switzerland, provide EEA, UK and Swiss residents with certain rights in connection with the personal information you have shared with us. If you are resident in the EEA, Switzerland or UK, you have the right to:

  • Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
  • You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. We do not use personal information to make automated decisions about you in any situations where you may have a legal right to opt out.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios:
    • If you want us to establish the data’s accuracy;
    • Where our use of the data is unlawful but you do not want us to erase it;
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

You may submit a request to exercise these rights by emailing privacy@cumming-group.com.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You also have the right to file a complaint by contacting your local supervisory authority for data protection. Contact details for EU data protection authorities are available at https://ec.europa.eu/newsroom/article29/items/612080. If you are based in the UK, you can make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk).

(b) California Residents

During the last twelve (12) months, we have collected the following categories of personal information from California residents. Please see our Cookie Policy for information about the collection and use of personal information by third parties who process information collected by cookies and related technologies that we permit them to use on the Site. Except as indicated below in the “California Job Applicants” section and the “Information We Collect” and the “How We Use Your Information” section, we do not seek to collect any additional “sensitive personal information” (as defined in the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”)).

Category

Examples of Identifiers We Collect

Sold or Shared

Criteria used to determine retention periods

Disclosed To

Identifiers

First and last name, unique personal identifier, online identifier, IP address, email address

Certain information may be sold or shared, including to advertising and marketing partners and analytics providers

The duration of our relationship with you; the length of time necessary to complete a transaction; whether your personal information is a sensitive type; whether you specifically consented to retain the data; and our legal, contractual or similar obligations to retain or delete the data.

Service providers, advertising and marketing partners, analytics providers

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))*

A name, address, telephone number, email

Not sold or shared

Same as above.

Service providers

Internet or other similar network activity

Browsing history, information on a consumer’s interaction with a website

Sold and shared

Same as above.

Service providers, advertising and marketing partners, analytics providers

Geolocation information

Physical location

Not sold or shared

Same as above.

Service providers

California Residents that are Job Applicants

When you apply for a job with the Cumming Group, information may be collected about you in multiple ways: you may provide it to us in connection with your application; we may make observations in the application process or collect information from public information sources; or you may authorize us to collect information from other sources, such as a former employer or reference.

The following table describes our practices with regard to information submitted in the job application process. If you use our Sites in the job application process, additional information may be automatically collected, as described above.

Category (* may constitute “sensitive personal information” under the CCPA)

Examples

Sold or shared

Criteria used to determine retention periods

Disclosed to

Identifiers*

Name, email address, phone number, and contact address, username, Social Security number

Not sold or shared

The duration of our relationship with you; the length of time necessary to complete a transaction; whether your personal information is a sensitive type; whether you specifically consented to retain the data; and our legal, contractual or similar obligations to retain or delete the data.

Service Providers

Protected Classifications*

Gender, race and ethnicity, date of birth

Not sold or shared

Same as above.

Service Providers

Geolocation Information*

Location information (e.g., ZIP code, IP address)

Not sold or shared

Same as above.

Service Providers

Professional or employment-related information.

Employer’s name, employer’s address

Not sold or shared

Same as above.

Service Providers

Education Information

Institutions attended, degrees and certifications attained

Not sold or shared.

Same as above.

Service Providers

In certain circumstances, you may submit your application for employment through a third-party service that displays our job posting. We do not control the privacy practices of these third-party services. Please review their privacy policies carefully prior to submitting your application materials.

Rights Specific to California Residents

A California resident has the following rights:

  • to request additional information about our data collection, use, disclosure, and sales practices in connection with your personal information;
  • to request the specific personal information collected about you during the previous 12 months;
  • to request the deletion of the personal information we have about you, with exceptions;
  • to request a restriction on certain processing of personal information;
  • to request correction of inaccurate information, and;
  • to opt-out of the selling or sharing or personal information, as defined by the CCPA.

You may not be discriminated against for exercising your California privacy rights. You may submit a request to exercise your rights under the CCPA through one of the following means:

  • Call us at 203-635-9540 or
  • Send us an e-mail at privacy@cumming-group.com with the subject heading “California Privacy Rights”

We will confirm receipt of your request by email.

To opt-out of selling or sharing, please click on the “Do Not Sell or Share My Personal Information” link on the Site.

To help protect your privacy and maintain security, we may take steps to verify your identity before granting you access to the information. In some instances, such as a request to delete personal information, we may first separately confirm that you would like for us to in fact delete your personal information before acting on your request.

We aim to respond to your request as soon as reasonably practicable and consistent with any applicable laws. If we require more time, we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. You may authorize another individual or a business registered with the California Secretary of State, called an authorized agent, to make requests on your behalf through these means. We may have a reason under the law why we do not have to comply with your request, or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

California residents are also entitled to contact us to request information about whether we have disclosed personal information to third parties for the third parties’ direct marketing purposes. Under the California “Shine the Light” law, California residents may opt-out of our disclosure of personal information to third parties for their direct marketing purposes. In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California privacy rights requirements and only information on covered sharing will be included in our response. We reserve our right not to respond to requests submitted to addresses other than the addresses specified in this paragraph.

You can learn more about how to submit a data rights request, or appeal denial of a request, by emailing privacy@cumming-group.com.

13. Cross-Border Transfer of Personal Information

Cumming Group provides a global service, and transferring data internationally is essential to the services provided to our clients on this website. If you use our services, you understand that we may transfer your personal information outside of your home jurisdiction, including to the United States and other countries that may not have the same level of protection for personal information.

Cumming Group complies with laws governing the international transfer of personal information, typically through the execution of legally required data protection agreements incorporating, where applicable, standard contractual clauses, or other instructions or measures that may be specified, updated, amended, replaced or superseded from time to time by the applicable regulatory authority.

14. Updates to this Privacy Policy

Our Privacy Policy may change from time to time. We will post any privacy policy changes on this page and, if the changes are material, we may provide a more prominent notice (including, email notification of privacy notice changes) for a reasonable period of time. Nevertheless, you should review this Policy from time to time to be sure you are aware of the most recent version.

Personal Information Request Form