FTI Consulting, Inc. Privacy Practices
FTI Consulting, Inc. Policy on EU-US Data Privacy Framework (DPF), UK Extension to the EU-US DPF, and Swiss-US DPF
Effective Date: January 7, 2021 -- Last Revised: September 6, 2023.
This policy applies to FTI Consulting, Inc. and its affiliated companies (collectively “FTI Consulting”).
FTI Consulting understands that your privacy is important to you and is committed to safeguarding the confidentiality and privacy of personal information entrusted to it.
Assistance for the disabled
Notice at Collection
FTI Consulting collects the personal information described below for the purposes and for the period described below. We do not sell your personal information or disclose it for cross-context behavioral advertising (“sharing”). We also do not collect or process sensitive personal information for the purpose of inferring characteristics about you. To the extent you provide FTI Consulting with personal information about others, you are responsible for providing this notice to them.
These Privacy Practices covers the following topics:
- Scope of this policy
- Quick read
- Who is your controller?
- When do we collect personal information?
- What types of personal information are collected and what do we use them for?
- What is our legal basis for collecting personal information?
- Disclosure of personal information to third parties
- International hosting and transfer of information
- Information security
- Retention of your personal information
- Your rights in jurisdictions covered by the GDPR and similar laws
- Important additional information for California residents
- Changes to this policy
- Contact us
Scope of this policy
This policy applies to personal information which is collected and/or used by FTI Consulting in its capacity as a controller as that term (or another term with equivalent meaning) is defined in the EU General Data Protection Regulation (GDPR) and other similar laws (e.g., Brazil’s Lei Geral de Proteção de Dados, the DIFC Data Protection Law 2020, etc.). California residents should also review the section of this policy addressing their rights. The contexts in which this might occur are explored under "When do we collect personal information" below.
When we provide Services to clients, we sometimes handle personal information as a processor (for example, the hosting of client data on our e-discovery platforms). This means that we process the information solely on the instructions of our clients, who retain control of the information.
Therefore, if our use of your personal information is not covered by this policy, you may need to contact the client (and controller) on whose behalf the processing of your information is carried out.
For purposes of these Privacy Practices, “Personal information” means information that is related to an identified or identifiable individual or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or with a household.
FTI Consulting collects personal information from and on behalf of its clients (e.g. about their employees and customers) to provide business advisory services to those clients. It also processes client personal information to manage its relationship with those clients. Further, FTI Consulting also collects some personal information from visitors to this website, recruitment applicants, and attendees at FTI Consulting events.
FTI Consulting uses personal information to deliver its Services to clients. For its own purposes, it also uses personal information to analyse and improve how it delivers those services, to contact representatives of its clients or prospective clients and to market to them, and to administer recruitment and events.
If FTI Consulting uses your personal information, you may have certain important rights which you can exercise. The rights you will be able to exercise will depend on how and why FTI Consulting uses your information.
The primary point of contact at FTI Consulting for questions regarding your personal information is email@example.com (or firstname.lastname@example.org within the European Economic Area).
Who is your controller?
The FTI Consulting entity responsible for your personal information will be the entity that originally collected information from or about you. If you have a direct interaction with FTI Consulting (for example, you attend an FTI Consulting hosted event), the identity of your controller may be disclosed to you in connection with that interaction. If we process your personal information in the course of providing our Services to clients, your controller will be the FTI entity providing the Services (assuming those Services are provided as a controller, see above for an explanation). Please note that the contact details for all FTI entities in respect of data protection or privacy issues are the same, and are as set out below.
When do we collect personal information?
We collect information about you if:
- you use this (or any other FTI Consulting) website;
- you enquire about, or engage FTI Consulting to provide, its Services (either in a personal capacity, or as a representative for your employer or client);
- the use of your personal information is reasonably necessary to provide our Services (in these circumstances, your personal information may be disclosed to us by our client who may, for example, be your employer or service provider, or we may obtain your personal information from a range of public or subscription sources, directly from you, or from your associates or persons known to you);
- you apply for a position with FTI Consulting;
- you attend an FTI Consulting hosted or sponsored event or webinar;
- you visit a FTI Consulting exhibit booth at a conference or industry event;
- you invest in FTI Consulting stock (please see our investor site for more information); or
- you contact us with any other enquiry, complaint or notice.
- we acquire a company or employer, or assets of a company or employer that has your information
What types of personal information are collected and what do we use them for?
The following is a summary of the types of personal information we collect, and the purposes for which that information is used.
FTI Consulting collects your name, address, e-mail address, telephone number and any other personally-identifiable information which you voluntarily provide as “comments” when you submit an inquiry through the “Contact Us” tool. FTI Consulting also collects other background information about you in connection with career-related inquiries that you submit through its website.
FTI Consulting’s Former, Current and Prospective Clients
If you submit an enquiry to FTI Consulting about our Services (either over the website, or by emailing, telephoning or meeting with one of our colleagues), then we will process information such as your name, job title and contact information in order to respond to your enquiry.
If you attend an FTI Consulting event or webinar, or if you associate with an FTI Consulting colleague at, for example, an industry event or conference, then FTI Consulting may collect basic personal information, such as contact details, which you voluntarily provide (for example, by filling in a form or handing over a business card) in order to facilitate your participation in the event, and for the management of our relationship with you as an actual or prospective client.
If you or the organisation you are associated with becomes an FTI Consulting client, then we may process your personal information in order to:
- carry out "Know Your Client" checks and screening prior to starting a new engagement (as well as basic contact information, this may mean processing compliance related information such as proof of your identity, information about your professional background, history of directorships and, in some circumstance, details of any criminal convictions or adverse media coverage);
- carry out background checks for the purposes of complying with anti-money laundering and terrorist financing laws;
- carry out client communication, service, billing and administration;
- deal with client complaints; and
- administer claims.
Taking account of applicable marketing laws, we also process personal information about our clients (former, current and prospective) in order to:
- send our clients newsletters, know-how, promotional material and other marketing communications;
- invite our clients to events (and arrange and administer those events).
Performing Services for Our Clients
As discussed above, many of our Services involve the processing of personal information. In the majority of cases, personal information is provided to us in strict confidence, subject to restrictive undertakings on its use / disclosure.
Illustrative examples of the use of personal information in connection with our Services, and the legal bases we rely upon for using personal information, are set out in Annex 1 (Use of Personal Information for our Services).
If you apply for a position with FTI Consulting, we will need to collect personal information in order to consider your application, and during any interview and assessment phase.
If you enquire about, or decide to purchase stock in FTI Consulting, then we will collect (either from you or from your broker / investment manager) basic personal information required to register you as a stockholder.
If we hire you as a vendor, supplier or contractor, we will need to collect personal information in order to complete transactions and, where applicable, complete appropriate screening activities.
Finally, if you contact us for any other reason, we will collect basic contact details, as well as any other personal information relevant to the reason for your enquiry, in order to resolve that enquiry.
What is our legal basis for collecting personal information?
Certain laws, including the GDPR, require us to establish a ‘lawful basis’ for our processing of your personal information. In the majority of cases, processing will be justified on the basis that:
- the processing is necessary for the performance of a contract to which you are a party, or to take steps (at your request) to enter into a contract (e.g. where you request certain Services as an individual client, or where we help advise your employer or service provider on fulfilling an obligation to you under a contract);
- the processing is necessary for us to comply with a relevant legal obligation (e.g. where we are required to collect certain information about our clients for tax or accounting purposes, or where we are required to make disclosures to courts or regulators); or
- the processing is necessary for the performance of a task carried out in the public interest (e.g. background checks for anti-money laundering and terrorist financing purposes); or
- the processing is in our legitimate interests, subject to due consideration for your interests and fundamental rights (this is the basis we rely upon for the majority of the processing of personal information in connection with the provision of our Services, and also for the purposes of most client on-boarding, administration and relationship management activities).
In limited circumstances, we will use your consent as the basis for processing your personal information, for example, where we are required by applicable law to obtain your prior consent in order to send you marketing communications.
Before collecting and/or using any special categories of data (as that term is defined in the GDPR, or as an equivalent term is defined by other privacy laws), or criminal record data, we will establish a lawful exemption which will allow us to use that information. This exemption will typically be:
- your explicit consent;
- the establishment, exercise or defence by us or third parties of legal claims; or
- other uses allowed by applicable law including context specific exemptions provided for under local laws of EU Member States and other countries implementing the GDPR and similar privacy laws, such as in relation to the processing of special category data for the purposes of preventing or detecting fraud in relation to instructions from potential clients.
Disclosure of Personal Information to Third Parties
FTI Consulting may also disclose your personal information for the purposes of:
- responding to requests from law enforcement agencies, regulators or courts, or to subpoenas, search warrants, or other legal requests;
- the prevention and/or detection of crime;
- establishing legal rights or to investigate or pursue legal claims;
- a merger, acquisition or corporate restructuring to which FTI Consulting is subject;
- preventing risk of harm to an individual.
International Hosting and Transfer of Information
FTI Consulting is a global organization and may transfer certain personal information collected on its websites across geographical borders to FTI Consulting offices, personnel, or third parties located throughout the world. FTI Consulting may also store such information in a jurisdiction other than where you are based including outside of the European Economic Area (“EEA”).
FTI Consulting will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. To this end:
- Transfers of personal information to FTI Consulting's global offices are protected through contractual commitments (such as the Standard Contractual Clauses). FTI Consulting also maintains certifications under the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF schemes, which continue to provide additional privacy safeguards.
- Where we transfer your personal information outside FTI Consulting to third parties who help provide us with any of the activities described in this policy, we obtain contractual commitments (such as the Standard Contractual Clauses) from them in order to protect your personal information.
- Where we receive requests for information from law enforcement, courts or regulators (who may be based overseas), we carefully validate these requests before any personal information are disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
FTI Consulting has reasonable technical safeguards, security policies and procedures in place to protect personal information from unauthorized loss, misuse, alteration, or destruction. Measures we take include placing confidentiality requirements on our staff members and service providers, limiting access to your personal information on a "need to know" basis, and providing training to appropriate FTI Consulting personnel. We also maintain comprehensive policies addressing data incident response protocols. Our IT Security Program is audited on a regular basis.
Despite FTI Consulting's best efforts, however, security cannot be absolutely guaranteed against all threats.
Retention of your personal information
FTI Consulting retains your personal information for the period of time required for the purposes for which it was collected, any compatible purposes which we subsequently establish, or any new purposes to which you subsequently consent, or to comply with legal, regulatory and FTI Consulting policy requirements. This period of time will usually be the period of your, or the relevant client's, relationship or contract with FTI Consulting plus a period reflecting the length of time for which legal claims may be made following the termination of such relationship or contract. Some information (such as call recordings, tax records and certain information required to demonstrate regulatory compliance) may need to be kept for longer. Personal information will be kept for a shorter or longer period of time if so required by law or an FTI Consulting policy, if the information becomes subject to a legal hold (for example, following a communication from our regulator) or if we have identified through a data protection impact assessment that a different retention period is appropriate.
Your Rights in Jurisdictions Covered by the GDPR and Similar Laws
If your personal information is processed by an FTI Consulting entity in the EEA, Brazil or another jurisdiction that has adopted the GDPR or similar rules, then, subject to certain exemptions, and dependent on how and why we use it, you have certain rights in relation to your personal information. The rights described below may vary depending on the specific laws that apply to you.
We may ask you for additional information to confirm your identity before disclosing any personal information to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to Access
You have the right to access personal information which FTI Consulting holds about you, together with certain information about how and why your personal information is processed.
Right to Rectification
You have a right to request us to correct your personal information where it is inaccurate or out of date.
Right to be Forgotten (Right to Erasure)
You have the right under certain circumstances to have your personal information erased. Your information can only be erased if it is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the information.
Right to Restrict Processing
You have the right to restrict the processing of your personal information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
Right to Data Portability
You have the right to data portability, which requires us to provide personal information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party. Please note that FTI Consulting rarely relies upon consent as a legal basis, and the performance of a contract basis will only be relevant to the extent that you, as an individual, are party to a contract with FTI Consulting or a client, and our use of your personal information is necessary for the performance of that contract.
Right to Object to Processing
You have the right to object to the processing of your personal information at any time, but only where that processing is based on our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Email (for residents residing in the European Economic Area (EEA), the UK, the UAE, or anywhere Else in Europe, the Middle East or Africa): email@example.com
Email (for residents of any country): firstname.lastname@example.org
Post: Data Protection Officer, c/o the Legal department, FTI Consulting, Inc., 200 Aldersgate St, Barbican, London EC1A 4HD, United Kingdom
FTI Consulting will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.
In addition, under applicable local law you may have the legal right to lodge a complaint with the relevant supervisory authority or local data protection authority.
Important Additional Information for California Residents
This section provides information for California residents, as required under California privacy laws, including the California Consumer Privacy Act and its implementing regulations (“CCPA”). The CCPA generally requires that businesses provide California consumers information about how we use their personal information, whether collected online or offline, and this document is intended to satisfy that requirement. However, the CCPA notice requirement does not apply where we are providing services to our clients, receive personal data and use it solely to provide service to a client and function as a “service provider” within the meaning of the CCPA.
Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
Categories of Personal Information that We Collect, Disclose, and Sell or Share
Below please find the categories of personal information about California residents that we may collect and may disclose to third parties or service providers for a business purpose. We describe the purposes of using the personal information in the “What types of personal information are collected and what do we use it for?” section, above, and, in more detail in Annex I, below.
|CATEGORIES OF PERSONAL INFORMATION||DO WE COLLECT?|
|NAME, CONTACT INFORMATION AND IDENTIFIERS: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.||Yes|
|CUSTOMER RECORDS: Paper and electronic customer records containing personal information, such as name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.||Yes|
|PROTECTED CLASSIFICATIONS: Characteristics of protected classifications under California or federal law such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.||No|
|PURCHASE HISTORY AND TENDENCIES: Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||Yes|
|BIOMETRIC INFORMATION: Physiological, biological or behavioral characteristics that can be used alone or in combination with each other to establish individual identity, including DNA, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.||No|
|USAGE DATA: Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement.||Yes|
|GEOLOCATION DATA: Precise geographic location information about a particular individual or device.||No|
|AUDIO/VISUAL: Audio, electronic, visual, thermal, olfactory, or similar information.||Yes (for example, our phone systems include voicemail, and we might record training and other video calls with the participants' knowledge)|
|EMPLOYMENT HISTORY: Professional or employment-related information.||Yes|
|EDUCATION INFORMATION: Information that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99).||No|
|PROFILES AND INFERENCES: Inferences drawn from any of the information identified above to create a profile about a resident reflecting the resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||No|
Disclosures for Business Purposes
FTI Consulting does not disclose personal information for commercial purposes. FTI Consulting has disclosed each of the categories of personal information that it collects for the following “business purposes”, as that term is defined under the CCPA, in the last 12 months:
- SERVICE PROVIDERS: For the business purpose of performing services on FTI Consulting’s behalf and, in particular, for the specific purposes described in “What types of personal information are collected and what do we use it for?” section, above, and, in more detail in Annex I, below.
- AUDITORS, LAWYERS, CONSULTANTS, and ACCOUNTANTS engaged by FTI Consulting: For the business purpose of auditing compliance with policies and applicable laws, in addition to performing services on FTI Consulting’s behalf.
- AFFILIATED COMPANIES: To other companies within the FTI family of companies for the business purposes of (1) auditing compliance with policies and applicable laws, (2) helping to ensure security and integrity, (3) debugging, (4) short-term transient use, (5) performing services on behalf of FTI Consulting, (6) internal research, and (7) activities to maintain or improve the quality or safety of a service or device.
No Sales or Sharing
We do not sell or share your personal information¸ where “share” means disclosing personal information to third parties for cross-context behavioral advertising. Without limiting the foregoing, we have not, and have no actual knowledge that we have, sold or “shared” the personal information of individuals of any age, including the personal information of children under 16, in the last 12 months.
Note on Sensitive Personal Information: FTI Consulting does not infer characteristics from sensitive personal information. FTI Consulting only uses sensitive personal information as necessary to perform its services, to ensure security and integrity, or for other purposes permitted by the CCPA without the right to opt out.
The Categories of Sources from Which We Collect Personal Information
- You, as described in the section above titled "When do we collect personal information".
- Service providers, for example, analytics providers, IT, and system administration services.
- Affiliated companies, for example, so that we can assist other companies in the FTI Consulting family of companies in providing you with products or services.
- Automated technologies, for example, browsing activity collected by automated technologies on the website.
- Third parties, for example, lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
- Public sources, for example, public databases.
- Marketing/advertising companies, for example, from social media platforms, consumer research companies, and analytics or marketing/advertising companies.
- Surveillance/recording technologies installed by FTI Consulting, for example, video surveillance in common areas of FTI Consulting facilities, voicemail technologies, and audio recording technologies with consent to the extent required by law.
- Government or administrative agencies, for example, law enforcement, public health officials, and other government authorities.
- Acquired entity, if FTI Consulting acquired another entity, we might collect personal information from that entity.
Aggregated and Deidentified Information
We may aggregate and/or deidentify information, use it internally, and disclose to third parties. Neither Aggregated Information nor Deidentified Information (defined below) is personal information.
- “Aggregated Information” refers to information about a group of individuals from which the individually identifiable information has been removed. An example of Aggregated Information would be the statistic that 20 people used our website’s contact form on a given day.
- “Deidentified Information” means information subjected to reasonable measures to ensure that the deidentified information cannot be associated with the individual. An example of Deidentified Information would be the data point that an unidentified visitor first entered the website through our main web page. We maintain Deidentified Information in a deidentified form and do not attempt to reidentify it, except that we may attempt to reidentify the information just to determine whether our deidentification processes function correctly.
California Residents’ Rights
California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.
Notice at Collection. We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used.
Right of Deletion: California residents have the right to submit a verifiable request for the deletion of their personal information that we have collected about them, subject to certain exemptions, and to have such personal information deleted, except where necessary for any of a list of exempt purposes.
Right to Correct: California residents have the right to submit a verifiable request for the correction of inaccurate personal information maintained by FTI Consulting, taking into account the nature of the personal information and the purposes of processing the personal information.
Right to Know – Right to Specific Pieces: Up to twice in a 12-month period, California residents have the right to submit a verifiable request for specific pieces of personal information and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. Please note that the CCPA’s right to obtain “specific pieces” does not grant a right to the whole of any document that contains personal information, but only to discrete items of personal information.
Right to Know – Right to Information: California residents have the right to submit a verifiable request that we provide them certain information about how we have handled their personal information, including the:
- categories of personal information collected;
- categories of sources of personal information;
- business and/or commercial purposes for collecting and selling their personal information; and
- categories of personal information that we disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed that particular category of personal information.
Submitting Requests. Requests to exercise these California rights may be submitted to email@example.com or by contacting us at 833-708-0303 (toll free). We will respond to verifiable requests received from California consumers as required by law.
How We Will Verify Your Request. To verify your request, we match personal information that you provide us against personal information we maintain in our files. The more risk entailed by the request (e.g., a request for specific pieces of personal information), the more items of personal information we may request to verify your identity. If we cannot verify your identity to a sufficient level of certainty to respond securely to your request, we will let you know promptly and explain why we cannot verify your identity.
Right to Non-Discrimination, and Incentives. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California residents related to their personal information.
Authorized Agents. You may designate an authorized agent to exercise your right to know, to correct, or to delete. If an authorized agent submits a request on your behalf, the authorized agent must submit with the request another document signed by you that authorizes the authorized agent to submit the request on your behalf. In addition, we may ask you or your authorized agent to follow the applicable process described above for verifying your identity. You can obtain the “Authorized Agent Designation” form by contacting us at firstname.lastname@example.org.
In the alternative, you can provide a power of attorney compliant with the California Probate Code.
FTI Consulting may send you information related to its services, products and events that we believe are of interest to you. This information may be sent by post or via email. If at any point you no longer prefer to receive marketing communications from FTI Consulting you can (i) unsubscribe from FTI Consulting communications sent by email using a link provided in marketing emails sent from FTI Consulting; or (ii) contact us to exercise your right to prevent all forms of marketing (both post and email).
FTI Consulting’s websites are not intentionally designed for or directed at children under the age of 16. It is FTI Consulting’s policy never to knowingly collect or maintain information about anyone under the age of 16, except as part of an engagement to provide professional services.
Changes to this Policy
If you have questions or concerns regarding this policy or FTI Consulting’s personal data processing policies, please contact FTI Consulting at:
Via email (for residents residing in the European Economic Area (EEA), the UK, the UAE, or anywhere Else in Europe, the Middle East or Africa): email@example.com
Via email (for residents of any country): firstname.lastname@example.org
Via post: Data Protection Officer, c/o the Legal department, FTI Consulting, Inc., 200 Aldersgate St, Barbican, London EC1A 4HD, United Kingdom
If you are an EEA data subject, FTI Consulting’s appointed EU Representative and contact point under EU GDPR is FTI Consulting Management Solutions Limited. If you are a UK data subject, FTI Consulting’s appointed UK Representative and contact point under UK GDPR is FTI Consulting LLP.
ANNEX 1: USE OF PERSONAL INFORMATION FOR OUR SERVICES
|SERVICE1||WHY IS PERSONAL INFORMATION USED?||WHAT LEGAL BASES ARE RELIED UPON?|
|Corporate Finance||In providing clients with advice on potential M&A transactions or corporate restructurings, or similar activities undertaken to assist clients with corporate operations, or in the event of an insolvency process, we may have access to client provided personal information about employees or customers (of either our client or the corporate target) which is relevant to our analysis of our client's position, for example, a spread sheet containing details of a target's key employees with their job titles and salaries.||Legitimate interest in advising clients on corporate finance transactions or with respect to insolvency processes or arrangements involving consideration of a company's employee or customer base.|
|Global Risk and Investigations Practice ('GRIP')||FTI Consulting carries out corporate investigation and business intelligence services for our clients. These require FTI Consulting's professionals to carry out research regarding companies and individuals of interest to our clients, by using a variety of carefully vetted techniques. These may include the researching of public registers and subscription -only databases, (typically off-the-record and anonymized) interviewing of professional and personal associates, and consultation of media sources. The personal information gathered in this field of work is necessarily diverse, and is typically compiled into a confidential report for the consultation and further use of our client.||Legitimate interest in providing investigatory and intelligence services for clients which involve the detailed consideration of companies and persons identified by our clients.|
|Strategic Communications||FTI Consulting has a team of experts who are experienced in designing and implementing communication strategies for clients. In order to provide clients with tailored, intelligence led strategies, FTI Consulting may be given, and may pro-actively collect through its own research, personal information about key individuals or parties involved in an issue or incident about which our client has requested communications advice.||Legitimate interest in providing public relations consultation to clients, including in relation to the handling of situations relating to or involving particular individuals.*|
|Compass Lexecon||Our Compass Lexecon business provides economic and financial advisory services, for example in the fields of securities litigation, mergers or anti-trust investigations and compliance. This may include providing advice to clients, courts, tribunals and regulators. Inputs to some of these analyses may necessarily include personal information provided for that purpose by the client, or disclosed by another party to a regulatory or judicial process. Such information may include: names; salaries, benefits or other remuneration received; or decisions taken or choices made about spending or other matters.||Legitimate interest in providing economic and financial advisory services to clients, courts, tribunals and regulators in relation to a consideration of factors pertaining to staff, customers, the public interest, or other individual people or groups of people.*|
|Economic and Financial Consulting||FTI Consulting provides economic, financial, valuation and accountancy advice to clients, courts, tribunals and regulators. Inputs to some of these analyses may necessarily include personal information provided for that purpose by the client, or disclosed by another party to a regulatory or judicial process. Such information may include: names; salaries, benefits or other remuneration received; or decisions taken or choices made about spending or other matters.||Legitimate interest in providing economic, financial, valuation or accountancy advice to clients, courts, tribunals and regulators in relation to a consideration of factors pertaining to staff, customers or other individual people or groups of people.*|
|Forensic Accounting, Investigation, Analytics and Litigation Support||FTI Consulting investigates suspected or actual financial irregularities or regulatory breaches and provides expertise, dispute resolution and litigation support for clients to resolve and remediate issues. We also address threat identification and compliance. This may include having access to personal information concerning names, salary and benefit information, job titles and professional history and email content of employees or business partners of the client requiring these services. Our work may require appropriate review of banking and trading account information, including detailed financial transactions of our client’s customers.||Legitimate interest in providing forensic services to clients involving detailed examination of a client's business documents and information, including records of accounts and transactions of their customers.*|
|Health Solutions||FTI Consulting's Health Solutions team provides advice to healthcare clients in relation to operational performance improvement, cost reduction/revenue generation, advisory and implementation requirements. In most cases, personal information which would identify underlying individuals is not provided, and in particular, information concerning health is not provided at a patient identifiable level. In some cases, non-sensitive information about a client's employees (names, job titles) may be required.||Legitimate interest in providing specialist consultancy services to healthcare providers, commissioners and regulators, including in relation to the structure of make-up of their workforces.*|
|Tax (London)||FTI Consulting's tax team advises on employee share incentive schemes, for which it may need access to details about the names, share allocations and national insurance numbers of a client's share scheme members, and on personal tax filings and VAT compliance, for which names, addresses, personal tax information and VAT information respectively may be required.||Legitimate interest in providing advisory services to clients in the fields of share incentive schemes, tax filings and VAT compliance.*
Where the client is a natural person - performance of a contract to which the client is a party.
1 FTI Technology services are not included here as that business unit functions as a data processor for its clients.
*In all cases where legitimate interests is relied upon as a lawful basis for processing Personal Data, FTI Consulting takes steps to ensure that its legitimate interests are not outweighed by any prejudice to the rights and freedoms of the underlying data subjects. This is achieved in a number of ways, including through the application of principles of data minimisation and security, and by taking steps to ensure that personal information is only collected or otherwise obtained where it is relevant to the provision of Services to a client, and where access to personal information for FTI Consulting is reasonably necessary for the provision of those Services.
Effective Date: May 26, 2021.
This policy applies to FTI Consulting, Inc. and its affiliated companies (collectively “FTI Consulting”).
What are Cookies and other Tracking Technologies?
A cookie is a small text file containing small amounts of information that a website puts on a user’s computer (or mobile device) when you visit a website and is used by the website to send information to your browser and for the browser to return information to the website.
What types of Cookies may be used?
First party cookies – First party cookies are set by the FTI Consulting website you are visiting and they can only be read by FTI Consulting.
Session cookies – Session cookies are used by the server to store information about user page activities so users can easily pick up where they left off on the server's pages. These are temporary cookie files, which are erased when you close your browser, and when you restart your browser and go back to the site that created the cookie, the website will not recognize you. You will have to log back in (if login is required) or select your preferences/themes again if the website uses these features. A new session cookie will be generated, which will store your browsing information and will be active until you leave the site and close your browser.
Persistent cookies – Persistent cookies are employed to store user preferences. These files stay in one of your browser's subfolders until you delete them manually or your browser deletes them based on the duration period contained within the persistent cookie's file. For Information on session and persistent cookies, see here.
Third party cookies – Third party cookies are set by a different organization to the owner of the website you are visiting. For example, the website might use a third party analytics company that will set its own cookies to perform this service (for example, as described below, this website uses Google Analytics).
What cookies does FTI Consulting websites use?
The cookies used on our site may fall into the following categories:
- Necessary – Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
- Preference – Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
- Statistics – Statistics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
- Marketing – Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
- Unclassified – Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
A list of all the cookies used on this site by category is detailed below.
Note: This website does not use any cookies which retain personal information about you after your session ends.
The table below provides additional details on the specific cookies used on FTI Consulting’s website:
|__RequestVerificationToken||Necessary||Helps prevent Cross-Site Request Forgery (CSRF) attacks.||Session|
|ASP.NET_SessionId||Necessary||Preserves the visitor's session state across page requests.||Session|
|AWSELB||Necessary||Used to distribute traffic to the website on several servers in order to optimise response times.||Session|
|AWSELBCORS||Necessary||Registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience.||Session|
|checkForPermission||Necessary||Determines whether the user has accepted the cookie consent box.||1 day|
|CookieConsent||Necessary||Stores the user's cookie consent state for the current domain||1 year|
|emeaCookie||Necessary||Remembers EMEA popup dismissed||1 year|
|FTI_EMEA_Redirect||Necessary||For locales redirected to EMEA site, it remembers the user clicking on OK on the popup to avoid showing it again||Session|
|rc::a||Necessary||This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.||Persistent|
|rc::c||Necessary||This cookie is used to distinguish between humans and bots.||Session|
|visitor||Necessary||Preserves the visitor's session state across page requests.||1 year|
|lang||Preference||Remembers the user's selected language version of a website||Session|
|__coveo.analytics.history||Necessary||Necessary in order to optimize the website's search-bar function. The cookie ensures accurate and fast search results.||Persistent|
|_at.hist.#||Statistics||Used by the social sharing platform AddThis to store the user's usage history of the AddThis sharing widget||Persistent|
|_ga||Statistics||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||2 years|
|_gat||Statistics||Used by Google Analytics to throttle request rate||1 day|
|_gid||Statistics||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||1 day|
|AnalyticsSyncHistory||Statistics||Used in connection with data-synchronization with third-party analysis service.||29 days|
|collect||Statistics||Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.||Session|
|coveo_visitorId||Necessary||Saves information of actions that have been carried out by the user during the current visit to the website, including searches with keywords included.||9999 days|
|image.aspx||Statistics||Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.||Session|
|nmstat||Statistics||This cookie contains an ID string on the current session. This contains non-personal information on what subpages the visitor enters – this information is used to optimize the visitor's experience.||999 days|
|SC_ANALYTICS_GLOBAL_COOKIE||Statistics||Used by Sitecore Engagement Analytics to identify the visitor on repeat visits to the website.||10 years|
|visitor/v200/svrGP.aspx||Statistics||This cookie is used to count how many times a website has been visited by different visitors - this is done by assigning the visitor an ID, so the visitor does not get registered twice.||Session|
|__atuvc||Marketing||Updates the counter of a website's social sharing features.||13 months|
|__atuvs||Marketing||Ensures that the updated counter is displayed to the user if a page is shared with the social sharing service, AddThis.||1 day|
|_at.cww||Marketing||Used by the social sharing platform AddThis||Persistent|
|at-lojson-cache-#||Marketing||Used by the social sharing platform AddThis||Persistent|
|at-rand||Marketing||Used by the social sharing platform AddThis||Persistent|
|bcookie||Marketing||Used by the social networking service, LinkedIn, for tracking the use of embedded services.||2 years|
|bito||Marketing||Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers.||1 year|
|bitoIsSecure||Marketing||Presents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers.||1 year|
|bscookie||Marketing||Used by the social networking service, LinkedIn, for tracking the use of embedded services.||2 years|
|ELOQUA||Marketing||Registers a unique ID that identifies the user's device upon return visits. Used for auto-populating forms and to validate if a certain contact is registered to an email group.||13 months|
|ELQSTATUS||Marketing||Used to auto-populate forms and validate if a given contact has subscribed to an email group. The cookie is only set if the user allows tracking.||13 months|
|fti-partial-language-setting||Marketing||Partial language (translation) setting for some locations/experts pages.||Session|
|IDE||Marketing||Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.||1 year|
|lidc||Marketing||Used by the social networking service, LinkedIn, for tracking the use of embedded services.||1 day|
|loc||Marketing||Geolocation, which is used to help providers determine how users who share information with each other are geographically located (state level).||13 months|
|pagead/1p-user-list/#||Marketing||Tracks if the user has shown interest in specific products or events across multiple websites and detects how the user navigates between sites. This is used for measurement of advertisement efforts and facilitates payment of referral-fees between websites.||Session|
|RUL||Marketing||Used by DoubleClick to determine whether website advertisement has been properly displayed - This is done to make their marketing efforts more efficient.||1 year|
|s.gif||Marketing||Registers user behaviour and navigation on the website, and any interaction with active campaigns. This is used for optimizing advertisement and for efficient retargeting||Session|
|TDCPM||Marketing||Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.||1 year|
|TDID||Marketing||Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.||1 year|
|test_cookie||Marketing||Used to check if the user's browser supports cookies.||1 day|
|track/cmf/generic||Marketing||Presents the user with relevant content and advertisement. The service is provided by third-party advertisement hubs, which facilitate real-time bidding for advertisers.||Session|
|tuuid||Marketing||Collects visitor data related to the user's visits to the website, such as the number of visits, average time spent on the website and what pages have been loaded, with the purpose of displaying targeted ads.||2 years|
|tuuid_lu||Marketing||Contains a unique visitor ID, which allows Bidswitch.com to track the visitor across multiple websites. This allows Bidswitch to optimize advertisement relevance and ensure that the visitor does not see the same ads multiple times.||2 years|
|UserMatchHistory||Marketing||Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.||29 days|
|uvc||Marketing||Detects how often the social sharing service, AddThis, encounters the same user.||13 months|
|validateCookie||Marketing||Used in context with Account-Based-Marketing (ABM). The cookie registers data such as IP-addresses, time spent on the website and page requests for the visit. This is used for retargeting of multiple users rooting from the same IP-addresses. ABM usually facilitates B2B marketing purposes.||Session|
|visitor/v200/svrGP||Marketing||Collects data on user behaviour and interaction in order to optimize the website and make advertisement on the website more relevant.||Session|
|xtc||Marketing||Registers the user's sharing of content via social media.||13 months|
As noted, FTI Consulting websites use Google Analytics, a web analytics service provided by Google, Inc. ("Google") to help analyze how users use the site, for example which pages are most frequently visited. The information generated by a Google Analytics cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
What if I don’t want cookies to be used?
If you have questions or concerns regarding this policy or FTI Consulting’s personal data processing policies, please contact FTI Consulting at: email@example.com.
POLICY ON EU-US DATA PRIVACY FRAMEWORK (DPF), UK EXTENSION TO THE EU-US DPF, AND SWISS-US DPF**
EU-US DPF, UK Extension to the EU-US DPF, and Swiss-US DPF
FTI Consulting complies with the EU-U.S. DPF-, the UK Extension to the EU-US DPF, and the Swiss-US DPF (collectively the “DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the member countries of the European Union (EU), the European Economic Area (EEA), the UK, and Switzerland to the United States (“Personal Information”). FTI Consulting has certified to the Department of Commerce that it adheres to the DPF Principles. If there is any conflict between the terms in this policy and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF program, and to view FTI Consulting’s certifications, please visit www.dataprivacyframework.gov/s/.
FTI Consulting’s participation in the DPF applies to personal data received from the EU/EEA, the UK, and Switzerland. FTI Consulting will comply with the DPF Principles in respect of such personal data. Some types of Personal Information may be subject to additional privacy-related requirements and policies, which are consistent with the DPF Principles. For example:
- Personal Information regarding and/or received from clients is also subject to any specific agreement with, or notice to, the client, as well as additional applicable laws and professional standards.
- Personal Information regarding FTI Consulting personnel is subject to internal human resource policies.
Types of Personal Information Collected and Purpose for Collection
Personal Information from Client Engagements: FTI Consulting provides professional consulting services to its clients. FTI Consulting’s clients may send Personal Information to it for processing on their behalf as part of the consulting services they have purchased. For example, FTI Consulting may receive Personal Information such as name, email address, employment information, or financial data. FTI Consulting uses any such Personal Information to perform services for its clients and to administer and manage its relationships with its clients.
In the event that a client engagement involves a transfer of Personal Information from the EU to the United States, the relevant clients are responsible for providing appropriate notice, where required, to the individuals whose Personal Information may be transferred to FTI Consulting, including providing individuals with certain choices with respect to the use or disclosure of their Personal Information, and obtaining any requisite consent. FTI Consulting handles such Personal Information in accordance with its clients’ instructions.
Personal Information Regarding FTI Consulting Employees: FTI Consulting may transfer Personal Information regarding FTI Consulting personnel. This Personal Information may include, without limitation, business contact information, employee ID, job role and reporting line, demographic information, work history, compensation and performance ratings. FTI Consulting uses such information to administer and manage its business.
Choice and Accountability for Onward Transfer
Information Security and Data Integrity
FTI Consulting has reasonable security policies and procedures in place to protect Personal Information from unauthorized loss, misuse, alteration, or destruction.
Despite FTI Consulting's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of FTI Consulting’s ability, access to your Personal Information is limited to those who have a need to know.
If FTI Consulting holds your Personal Information, under most circumstances you have the right to reasonable access to that data to correct any inaccuracies. You can also make a request to update or remove information about you by contacting firstname.lastname@example.org, and FTI Consulting will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.
Recourse, Enforcement and Liability
FTI Consulting commits to resolve complaints about your privacy and its collection or use of your Personal Information in compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF Principles. Please contact FTI Consulting at: email@example.com should you have a DPF-related (or general privacy-related) complaint.
If you are a resident of the EU/EEA or UK, and you have a complaint related to this Policy that cannot be resolved with FTI Consulting directly, you may report your claim to the Data Protection Authorities located in your jurisdiction. If you are a resident of Switzerland, and you have a complaint related to this Policy that cannot be resolved with FTI Consulting directly, you alternatively may report your claim to the Swiss Data Protection Authority (Federal Data Protection and Information Commissioner). As further explained in the DPF Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means.
FTI Consulting is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Changes to this Policy
FTI Consulting reserves the right to make changes to this Policy on EU-US Data Privacy Framework (DPF), UK Extension to the EU-US DPF, and Swiss-US DPF from time to time. FTI Consulting will notify you by posting amendments on this website.
Questions and Comments
If you have questions or concerns regarding this policy or FTI Consulting’s Personal Information processing policies, please contact FTI Consulting at: firstname.lastname@example.org.
**This policy covers FTI Consulting, Inc. and its subsidiaries including: Compass Lexecon LLC; FTI Capital Advisors, LLC; FTI Consulting (Government Affairs) Inc.; FTI Consulting (SC) Inc.; FTI Consulting Acuity LLC; FTI Consulting Platt Sparks LLC; FTI Consulting Realty, Inc.; FTI Consulting Technology LLC; FTI Consulting Technology Software Corp.; FTI Hosting LLC; FTI International LLC; FTI LLC; Sports Analytics LLC.