Privacy Notice

Please read the Marshfield Consulting Privacy Notice carefully to understand what information is collected through Marshfield Consulting, how this information is used, and when it may be disclosed.

In this Privacy Notice, “Marshfield Consulting” refers to our website, and services. References to “we”, “us” or “our” means Marshfield Consulting. References to “personal information” includes “personal information”.

By visiting our website and using Marshfield Consulting services, you provide your consent and agree to the collection of personal data in a lawful and fair manner. We ensure that the collection and processing of personal data adhere to applicable privacy laws and regulations. If you have any questions or concerns about the data we collect and how it is used, please contact Marshfield Consulting directly using the contact information provided in this privacy policy. Even if you do not read the entire Marshfield Consulting Privacy Notice. 

Data Controller and Data Processor

Marshfield Consulting serves as the data processor for most information collected, acting on behalf of its business customers who serve as the data controllers. Marshfield Consulting may engage third-party sub-processors (as detailed below) to support its operations. If you have any inquiries about the processing of your personal data, please contact us using the contact information provided in this privacy notice.

Types of Data Collected

Marshfield Consulting strictly limits the collection of personal data to that data which its customers opt to share.

When collecting personal data, we strive to be transparent about the purposes for which the data is being collected and how it will be used.

Safeguards

At Marshfield Consulting, we take the security of your personal data seriously. We implement robust technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, or destruction.

We follow industry best practices and standards to ensure the confidentiality, integrity, and availability of your data. Our security measures include but are not limited to:

Encryption: We employ encryption techniques to safeguard your data during transmission and storage.

Access Control: We restrict access to personal data to authorized personnel only, ensuring that it is accessible on a need-to-know basis.

Regular Audits: We conduct regular security audits and assessments to identify and address any vulnerabilities or risks.

Employee Training: Our employees undergo comprehensive data protection training to ensure they understand the importance of data security and privacy.

We are committed to continuously enhancing our security practices and staying up to date with the latest industry standards to provide a secure environment for your personal data.

While we strive to protect your personal data, no method of transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security. If you have any concerns about the security of your data, please contact us using the contact information provided in this privacy notice.

Mode, Place, and Methods of Processing the Data

Personal data is processed using computers and technology-enabled tools in accordance with organizational policies and procedures related to the stated purposes. In certain cases, personal data may be accessible to Marshfield Consulting employees involved in the operation of the Marshfield Consulting website and supporting applications. External parties, such as third-party technical service providers, hosting providers, and IT companies, may also have access to personal data as data processors or sub-processors appointed by Marshfield Consulting.

Legal Basis of Processing

Marshfield Consulting may process personal data when one of the following legal bases applies:

• Consent: Processing is based on the user’s consent for one or more specific purposes.
• Performance of a Contract: Processing is necessary for the performance of a contract between Marshfield Consulting and the user.
• Legal Obligation: Processing is necessary to comply with a legal obligation.
• Legitimate Interests: Processing is necessary for the legitimate interests pursued by Marshfield Consulting or a third party.

The specific legal basis for processing personal data will be provided upon request, including whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Place

Data is primarily processed at Marshfield Consulting’s operating offices and hosting facilities, located in the USA. However, some data may be stored and processed in Canada or the European Union through third-party sub-processors. Data transfers may involve transmitting user data to a country outside its own jurisdiction. 

Retention Time

Personal data is retained for as long as necessary to fulfill the purposes for which it was collected unless a longer retention period is required or permitted by law.

The retention periods are as follows:

Personal data collected for the performance of a contract between Marshfield Consulting and a business customer is retained until the contract is fully executed, or until the business customer requests deletion of the data.

Personal data collected for Marshfield Consulting’s legitimate interests is retained as long as necessary to fulfill those purposes. For specific information about Marshfield Consulting’s legitimate interests, please refer to the relevant sections of this document or contact us using the contact information provided in this privacy notice.

Personal data processed based on user consent may be retained until such consent is withdrawn, provided that it is not otherwise required or permitted by law.

Personal data may be retained for a longer period when necessary to comply with a legal obligation or a lawful order from an authority.

Once the retention period expires, personal data will be securely deleted or anonymized.

The Purposes of Processing

Marshfield Consulting collects and processes personal data for the following purposes:

• Providing Services: Personal data is collected to enable Marshfield Consulting to provide its services.
• Managing Contacts and Sending Messages: Personal data is used to manage contact lists and send communications to users.
• Handling Payments: Personal data is processed to facilitate payment transactions and related communications.
• Displaying Content from External Platforms: Personal data is used to display external content and enable interaction with it.
• Spam Protection: Personal data is analyzed to filter spam traffic and protect against spam.
• Contacting the User: Personal data is processed to respond to user requests and inquiries.
• Selling Goods and Services Online: Personal data is processed for the provision of services or goods, including payment processing and delivery.

Processing and Sharing of Personal Data

Marshfield Consulting engages various services and third-party processors to support its operations. The following provides detailed information on the processing of personal data, the involved services, and the third-party processors:

• Contacting the User:
  • Mailing List or Newsletter – (G Suite/Apollo.io)
  • Phone Contact
  • Contact Form (Website contact us form – https://marshfieldconsulting.com/contact/)
• Marshfield Consulting services:
  • Microsoft Tools
  • G Suite
  • DocuSign CLM
  • DocuSign eSign
• Displaying Content from External Platforms:
  • Google Fonts (Google Inc.)
  • YouTube Video Widget (Google Inc.)

The Rights of Users

Users have the following rights regarding their personal data processed by Marshfield Consulting:

1. Right to Withdraw Consent: Users have the right to withdraw their consent to the processing of their personal data at any time.
2. Right to Object: Users can object to the processing of their personal data based on legitimate interests or for direct marketing purposes.
3. Right of Access: Users can request access to their personal data and obtain information about the processing activities.
4. Right to Rectification: Users can request the correction or update of inaccurate or incomplete personal data.
5. Right to Restrict Processing: Users have the right to restrict the processing of their personal data under certain circumstances.
6. Right to Erasure: Users can request the erasure of their personal data, subject to legal obligations or overriding legitimate grounds.
7. Right to Data Portability: Users can request to receive their personal data in a structured, commonly used, and machine-readable format, and transmit it to another data controller.
8. Right to Lodge a Complaint: Users have the right to lodge a complaint with a data protection authority regarding the processing of their personal data.

To exercise these rights or obtain further information, users can contact Marshfield Consulting using the contact details provided in this document.

Changes to This Privacy Notice

Marshfield Consulting reserves the right to modify or update this privacy notice at any time. Changes will be communicated through the Marshfield Consulting website or other appropriate means. It is recommended to regularly review this privacy notice for the latest information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice, data deletion, accuracy, or any other privacy practices, please contact us at:

Marshfield Consulting

3737 N Marshfield Ave, Chicago, Illinois

info@marshfieldconsulting.com

Privacy Officer Scott Brooks: sbrooks@marshfieldconsulting.com

Last updated: March 1st, 2024