Stout Risius Ross, LLC (and all affiliates and subsidiaries, collectively "Stout") values your privacy and is committed to complying with the applicable data privacy and security requirements in the countries in which it operates. Stout complies with internationally recognized standards of privacy protection and with various privacy laws globally including, but not limited to, the EU General Data Protection Regulation (GDPR).
Who is Collecting Data
Data will be collected by Stout Risius Ross, LLC (and all affiliates and subsidiaries, collectively "Stout").
Data We Collect
Stout collects the following categories of personal data:
Contact data and other identifiers: We may collect information about data subjects such as name and contact details (email, phone number, mailing address) in order to communicate and facilitate the provision of our services with our clients or potential clients and to respond to your requests. For example, contact details of individuals who work for or on behalf of the clients, in order to carry out the client’s engagement with Stout.
Services data: Personal data may be provided to us by clients to the extent required to perform the services. Stout may also acquire personal data from a third party at the direction of our client as required to perform services.
Employment Information: We collect the information you choose to disclose if you apply for potential employment with Stout, such as your educational history, professional experience, and certain sensitive information such as race, age, citizenship, and any disabilities you may have.
Marketing information: We may collect information to respond to inquiries regarding our services or to provide you with information, reports, or updates. This information includes the contact data and website visitor information described above as well as information about your occupation or employer if you provide it to us.
Clients and other third parties who provide personal data to Stout must do so in compliance with applicable data privacy regulations.
Processing of Personal Data
- To provide the products or perform the services requested by clients and individuals pursuant to a letter of engagement, statement of work, or similar (where the processing is necessary for our legitimate business interests in conducting and managing our business).
- To provide the products or perform the services requested by clients and individuals using our website or web applications (where the processing is necessary for our legitimate business interests in conducting and managing our business).
- For complying with obligations provided by laws, current regulations and legislation (e.g. tax regulations) (where processing is based on a legal obligation)
- For legitimate business purposes to advise you through e-mail, phone call, electronic communication, or postal mailings, in the framework of our ordinary commercial relationship, about other products or services similar to the products or services we have provided to you and that we think will be of interest to you (where the processing is necessary for our legitimate business interests).
- For marketing purposes. For example, we may use your information to further discuss your interest in our services and to send you information regarding Stout promotions, events, products or services.
- For security purposes. For example, we may use your data to protect Stout and its third parties against security breaches and to prevent fraud and violation of Stout’s applicable agreements (where the processing is necessary for our legitimate business interests).
Whenever we process your personal data for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You have the right to object to this processing if you wish.
How Personal Data is Processed
Personal data is processed by Stout both manually and electronically in accordance with the above-mentioned purposes and in compliance with current regulations.
We permit only authorized Stout employees and third-party service providers to have access to your information. Such employees and third-party services providers are appropriately designated and trained to process data only according to the instructions we provide them
Storage of Personal Data
Stout will retain personal data for a reasonable period, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period necessary to comply with state, local, federal regulations, or country specific regulations and requirements, and in accordance with Stout’s Document Retention Schedule.
Disclosure/Sharing of Personal Data
- Stout may be required to disclose personal data in response to lawful requests by public authorities, including meeting national security or law enforcement requirements.
- If Stout’s business enters into a joint venture with or is merged with another business entity, your information may be disclosed to our new business partners.
Cross – Border Transfers of Personal Data
Data concerning EU data subjects may be transferred to or processed in locations outside of the EU only where one of the following safeguards is in effect:
- Transfers to certain countries which the EU Commission has determined ensures an adequate level of protection;
- Transfers pursuant to standard contractual clauses or contract terms ensuring adequate data protection;
- Where required, Stout entities have entered into European Union Model Clause Agreements which allows for the processing of your personal data and for transfers of your personal data.
Automated Decision Making
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
Stout does not make automated decisions using personal data. If automated decisions are to be made, affected persons will be given an opportunity to express their views on the automated decision in question and object to it.
- Opt Out of Marketing Communications: If you are located in the EU, we will only send you marketing communications and updates about our products, services and events with your prior consent. You can withdraw your consent at any time. If you are not located in the EU, you may opt-out of receiving marketing communications and updates at any time. You can manage your receipt of marketing and non-transactional communications by clicking on the «unsubscribe» link located on the bottom of Stout’s marketing emails. Additionally, you may send a request to email@example.com.
- Consequences of Not Providing Information: If you choose not to provide certain information, it may be an impediment to the exchange of information necessary for the execution of the contract or provision of services, and we may not be able to provide you with some services and you may not be able to participate in some of the activities on our website(s).
Third Party Websites or Other Services
We are not responsible for the privacy practices of any non-Stout operated websites, mobile apps or other digital services, including those that may be linked through Stout websites or services, and we encourage you to review the privacy policies or notices published thereon.
Notice to European Users
Individuals residing in the European Economic Area have the following rights concerning your data processed by Stout:
- Access: You have the right to access personal information that Stout holds about you.
- Rectification: You have the right to ask us to rectify information Stout holds about you if it is inaccurate or not complete.
- Erasure: You can request that Stout erase your personal data. We may keep basic data to identify you and retain it solely for preventing further unwanted processing.
- Restrict Processing: You have the right to ask Stout to restrict how we process your data. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future.
- Object to processing: Where processing is based on legitimate interests, you have the right to object to Stout processing your data. Stout will discontinue processing your data, unless we can demonstrate compelling legitimate grounds for the processing. We may keep basic data to identify you and retain it solely for preventing further unwanted processing.
- Portability: Where processing is based on consent or performance of a contract, you have the right to data portability. Stout must allow you to obtain and reuse your personal data for your own purposes in a safe and secure way without this effecting the usability of your data. This right only applies to personal data that you have provided to Stout as the Data Controller.
- Lodging Complaints: If we are not able to satisfactorily resolve your questions, concerns, or complaints, or if you believe that the processing of your personal data infringes on your rights under applicable data protection laws, you have the right, without prejudice to any other administrative or judicial remedies, to lodge a complaint with a supervisory authority, in particular, in the Member State of your habitual residence, place of work or place of the alleged infringement. Contact information for the supervisory authorities may be found here: EU Data Protection Authorities.
Please contact firstname.lastname@example.org to request access, rectification, or erasure, or to restrict processing, to object to processing, or to request data portability.
UK Residents: For the purposes of GDPR, the data controller is Stout Park Ltd (Company Number 8923987), 57 Grosvenor Street, London W1K 3JA, United Kingdom. We can be contacted at email@example.com or on +44 20 3405 3296.
Notice to Japanese Users
If we receive non-personally identifiable user information relating to individuals who reside in Japan from Google in connection with our use of Google Analytics, Stout will not merge that information with those user’s personally-identifiable information unless, prior to such processing, Stout has obtained all legally required consents from the user and have provided Google with accurate and complete information about the processing.
Please contact firstname.lastname@example.org if you have any questions, to restrict processing, or to object to processing.
Notice to California Residents
Shine the Light: Under California’s “Shine the Light” law, California residents have the right to ask us once a year if we have shared their personal information with third parties for their direct marketing purposes. To make a request, please contact us at email@example.com and specify you are making a Shine the Light request.
California Consumer Privacy Act (“CCPA”): The CCPA creates privacy rights for California residents and requires businesses to make disclosures about their privacy policies and practices related to personal information. This section does not cover information we collect about you as an employee of Stout. For more information about our privacy practices relating to employee information, please see our Employee Handbook.
Categories of Personal Information Collected: In the last twelve months, we have collected the following categories of personal information: identifiers; characteristics of protected classifications under California or U.S. law; occupation, professional, or employment-related information; and Internet or other electronic network activity information. For examples of the data points we collect, please see the “Data We Collect” section, above.
Sources of Personal Information: We have collected this information directly from you, passively when you visit our website or view our electronic communications, and from third parties such as our clients and business partners. For more information, please see the “Data We Collect” section, above.
Categories of Personal Information Disclosed and Third Parties With Whom We Share This Information: We do not sell your personal information, but we may disclose it to third parties for a business purpose. In the past twelve month, we have disclosed identifiers; professional, occupational and employment-related information, and Internet or other electronic network activity information to our third party marketing service providers. We have also disclosed identifiers; characteristics of protected classifications under California or U.S. law; occupation, professional, or employment-related information; and educational information to the third party provider of background checks in connection with potential employment. For more information about the personal information we share, please see the “Disclosure/Sharing of Personal Data” section, above.
Your Rights: The CCPA gives you certain rights regarding your personal information:
- Right to Know: You may request no more than twice in a 12-month period that we provide you with copies of specific personal information we have collected, sold, or disclosed about you. However, under California law, we cannot provide you with certain sensitive information, despite your request (for example, we will not send you copies of your social security number even if it is something we collected).
- Right to Delete: You may request that we delete personal information we have collected about you, with certain exceptions.
To exercise your rights above, please submit a request by: emailing us at firstname.lastname@example.org, calling us at +1.833.204.0822 or fill out this form. Please describe your request with sufficient detail so we can properly respond to your request. As part of your request, please specify which right you are exercising and provide your name, contact information, and the type of request you wish to make. We may ask for additional information to verify your identity. The information you provide in your request and any follow up information we ask for from you will be used solely to verify your request.
Only you or an individual designated as your authorized agent to act on your behalf may make a request related to your personal information. You may also make a request on behalf of your minor child.
We may not discriminate against you if you choose to exercise your rights.
After receiving your request, we may need to contact you for further information and will notify you if your request has been granted or declined, or if an exception applies to your request. We will try to respond to your request within 45 days. If we need more time, we will contact you with the reason we need more time and the extension period. We will deliver our written response by mail or electronically, at your option. In response to your request to know, we will only disclose the information we have collected in the 12 months prior to our receipt of your request. Our response will also explain the reasons we cannot comply with any request, if applicable.
We do not charge a fee to process or respond to your request unless your request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate prior to completing your request.
Verifying, Changing, or Deleting Your Information
Please contact us with questions, concerns, or complaints at:
150 West Second Street, Suite 400
Royal Oak, MI 48067