EEA & UK Privacy Statement
Effective Date: March 29, 2018
This Privacy Statement (“Privacy Statement”) applies to the webpages, intranet pages, mobile applications, features, widgets, online services, electronic mail, and related content (collectively, the “Site(s)") owned, operated, or controlled by ICF International, Inc. and its affiliates, subsidiaries, trusted business partners or alliances, agents, subcontractors, or third-party vendors (collectively, "ICF" or which may be referred to as “we”, “us”, and “our”), as well as any personal data ICF collects or uses offline in connection with our services or programs in European Economic Areas (EEA), the United Kingdom and certain Asian countries. This Privacy Statement does not apply to any site that does not display or link to this Privacy Statement or that has its own privacy statement.
Data protection and privacy laws around the globe, including those of the EEA, EU Member States, United Kingdom and certain countries in Asia and the American continents, and those countries deemed by the European Union and others to provide "adequate" or "equivalent" protections, require ICF to provide you with certain information applicable to its collection of your personal data.
ICF is a privacy conscious organization and your trust is paramount to us. We are committed to making sure that any personal data supplied by our clients or client customers or otherwise generated by our business activities is collected and processed fairly and lawfully.
Click on the links that follow or scroll down for additional information on these key topics:
Table of Contents
- What Types Of Personal Data Does ICF Collect?
- How We Collect Information
- How We Use Personal Data
- ICF Service
- Direct Marketing
- International Transfers
- Personal Data Disclosure
- Online Recruitment Data
- Protection of Personal Data
- Your Data Protection Rights
- Children's Online Privacy Protection
- Contact Details
- Policy Updates
In addition to this general Privacy Statement, you may receive notice of other terms that apply to particular promotions or services.
ICF needs certain personal data to enable it to provide its products and services to its clients and end users. The data collected generally may include: company name, company size and sector; individual contact names and job titles for delivery, installation, support and billing; postal address; telephone and fax numbers; and e-mail addresses. If you are a client customer, ICF also may collect certain personal data, such as your name, postal address, telephone number or e-mail address. In providing certain services, ICF also may also have access to certain usage data (e.g., energy) generated during your use of a client service.
In certain circumstances, ICF also may collect financial information about customers, vendors and end users from third parties to enable it to assess its risks in granting credit terms and contact information about organizations it considers may be interested in its products and services.
ICF obtains personal data in various ways, including from requests placed by clients, client customers and end users, both businesses and consumers (whether by telephone, fax or e-mail, Internet or by application form), from enquiries made by existing clients and potential clients (including information gathered at marketing events and via the Internet) and from vendors, contractors or applicants for employment. A name, address (postal and e-mail) and telephone number are the most important pieces of information, particularly for clients, but also for job candidates, prospects and ICF vendors and contractors.
We might request other information, based on, for example, the service(s) being ordered or promoted. ICF also does not obtain data from third party list brokers, from resellers who pass on data to ICF about end users.
While cookies help us improve your experience while visiting our sites, and customize our communications to the services you may desire, you have the option to block them through your Internet browser or other commercially available software. However, doing so may make some of our sites' features unavailable to you.
ICF will not use or process personal data unless one of the following conditions is met:
(i) the individual concerned gives ICF his or her personal data or has consented to such processing. ICF will inform the individual concerned of the identity of the ICF entity that holds the data and what it intends to do with the data as soon as possible after collecting/receiving and/or deciding to retain the personal data.
(ii) ICF needs to carry out such processing (1) to perform, or take steps with view to enter into, a contract with the individual concerned, (2) to comply with legal obligation of ICF or (3) to protect the vital interests of the individual concerned in a `life or death' situation; or in circumstances permitted by applicable data privacy laws.
(iii) ICF needs to carry out such processing based upon a lawful basis to pursue ICF’s legitimate interests, and those interests are not overridden because the processing prejudices the interests or fundamental rights and freedoms of the individual concerned. ICF may in exceptional circumstances, rely on consent given on behalf of the individual, for example, by a company employee on behalf of a family member.
(iv) the individual concerned explicitly agrees that ICF may collect or use data such as racial or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life; and/or criminal record based on a full understanding of why the data is being collected.
- Providing and Improving the ICF Service
In particular, ICF uses the personal data it collects to provide a service to its clients, customer clients and ICF end users. Such uses include implementing a service, enabling your account, billing, technical support, product development, fraud detection and prevention, regulatory or law enforcement requirements, and vendor or other payment application. In addition, ICF also will use data to improve on the level and type of service ICF offers to its clients or client customers. As part of this interest in improving the service provided, ICF also may process personal data for the purposes of client use, analysis and reporting.
- Direct Marketing
ICF also may use your personal data to contact you regarding its products and services. Because ICF makes many special events or benefits available to you through relationships with other businesses, it may share personal data with those businesses so that you receive the benefits to which you are entitled. We also sometimes use this information to extend special offers to you jointly with our partners or strategic alliances.
Please note, however, that ICF only will use your personal data for marketing or other purposes unrelated to your specific service where this is in accordance with applicable privacy and data protection laws, and any preferences which you expressed when you registered for a service will be honored.
You may express your preferences to us when you register or subsequently change your preferences by checking certain boxes on our forms, utilizing the unsubscribe or opt-opt mechanisms in the emails we send you, indicating so when we call you, or contacting us at firstname.lastname@example.org.
- Use for Online Recruitment Purposes
- Does ICF Transfer Personal Data Internationally
As a member of the ICF group, which has companies worldwide providing the highest quality consulting and technology services, an ICF affiliate providing a service to you may need to transfer your personal data to other members of the ICF group or to third party companies employed by it to supply certain service elements. Of course, such trusted partners and vendors must use that persona data only for the purpose(s) for which it was shared by you with ICF and protect it from any further use. These companies may be located outside your service country, including transfers to ICF affiliates based in the United States, as necessary for the provision of your service. Although these countries often do not have the same data protection or privacy laws as your service country, or those countries deemed to provide protections that are "adequate" or "equivalent" to the privacy requirements of your service country, at all times the ICF affiliate providing your service binds its global employees and partners to the high standard of personal data protection that it commits to you.
- To Whom Does ICF Disclose Personal Data?
ICF will pass personal data within its internal departments in order to fulfill service and support obligations as well as to finance departments to enable global invoicing.
As a general rule, ICF does not disclose personal data to unaffiliated third parties except, as communicated to you during your service, where such disclosures would be necessary for ICF's provision of the service to you. Such necessary disclosures would occur in accordance with applicable laws and may include: instances where ICF has contracted with third parties to assist in providing services to ICF clients, including such elements as delivery, installation and systems support; where ICF is under an obligation by law to disclose personal data; or where we believe that a disclosure is necessary to identify, contact or bring legal action against individuals who may be endangering public safety or interfering with ICF property or services, or with our customers' or others' use of them.
ICF takes customer confidentiality and security very seriously. We have implemented the appropriate technical, physical, and organizational security measures to help us protect the confidentiality, security, and integrity of your personal data and prevent the loss, misuse, unauthorized access, unauthorized interception, or information alteration. For example, ICF uses encryption, firewalls and other technology and security procedures to help protect the accuracy and security of your personal data and prevent unauthorized access or improper use. For example, you will note that while using some features of the ICF Sites and online services, you will need to submit a password or some other type of authenticating information.
You are entitled to know whether we hold personal data about you and, if we do, to have access to that personal data and require it to be corrected if it is inaccurate. We generally do not make decisions by purely automatic means, but if we do, you have the right to object. Contact us at email@example.com to exercise your:
- Right to extensive information
- Right to access data
- Right of rectification or correction
- Right to erasure/be forgotten
- Right to withdraw
- Right to object
- Right to restriction
- Right to data portability
- Rights in relation to automated decision making
- Right to breach notification Right to make a complaint
You also may exercise your right to change your marketing preferences at any time, by accessing your account online, by checking certain boxes on our forms, utilizing the unsubscribe or opt-out mechanisms in the emails we send you, indicating so when we call you, or Contacting Us.
You can also exercise the right to discontinue marketing communications to you, or to have your personal data removed from our customer relationship management (CRM) databases at any time by using contacting us at contacting us at firstname.lastname@example.org. In such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again.
Please note, however, that choosing to delete some types of personal data may prevent us from supplying certain services to you as a client or partner, or responding to your queries as a job applicant, vendor or contractor. In order to better protect you and safeguard your information, we take steps to verify your identity before granting access or making corrections to your information.
We will retain and use your Personal Data as necessary to fulfill your requests or inquiries, provide services, or comply with our legal obligations, resolve disputes, and enforce our agreements. Personal Data about unsuccessful candidates/applicants will be held for 6 months in Europe, UK and Asia.
ICF is committed to protecting children's privacy online. Our Sites are not intentionally designed for or directed at children under the age of 16. ICF will not intentionally collect, maintain, or distribute information about anyone under 16 years of age. If we become aware that we have inadvertently received personal data from a user under the age of 16, we will delete this data from our records.
For questions regarding this Privacy Statement, please contact the ICF global affiliate identified on your service offering, send a letter to the attention of "ICF Data Protection" at your local ICF global affiliate, or send your question directly to:
ATTN: Online Data Privacy Manager
9300 Lee Highway
Fairfax, VA 22031-1207 USA
Please note that you may be required to prove your identity before we can fulfill your request.
If you have questions or concerns about this Privacy Statement or our Sites and email marketing practices, please use any of the above contact means.
As part of ICF's commitment to compliance with global privacy and data protection requirements, and to reflect changes in its operating procedures, ICF may update the terms of this Privacy Statement from time to time and will post the revised Privacy Statement.