Privacy & Cookie Policy

Porter’s Management Group is responsible for the processing of your personal data as described in this Privacy Policy. For the purposes of the Personal Information Protection and Electronic Documents Act, Porter’s Management Group acts as the organization (or controller/business) responsible for determining the purposes and means of processing your personal data, and may also act as a service provider/processor when processing data on behalf of clients.

The contact details of Porter’s Management Group’s Data Protection Officer are provided in Section 11 below.

1.1. Updates to this privacy & cookie policy

This Privacy & Cookie Policy may be updated periodically. We will update the date at the top of this Privacy & Cookie Policy accordingly and encourage you to check for changes to this Privacy & Cookie Policy, which will be available on our website. On some occasions, we may also actively advise you of specific data handling activities or significant changes to this Privacy & Cookie Policy, as required by applicable law.

1.2 Third-party links

Our website(s) may include links to or functionality from third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

1.3 Porter’s Management Group as Data Processor

From time to time, we may process personal data in the role of a processor or, for the purposes of the Personal Information Protection and Electronic Documents Act, a service provider, on behalf of our clients, including where we facilitate the provision of specific output submitted by or derived from our consultants or clients’ engagements with our contractors or consultants, in each case at our clients’ sole request. In these specific circumstances, our clients act as the controller, and each has in place separate privacy and data security practices, which will also apply. Porter’s Management Group will, however, support our clients as necessary to respond to any requests you have in respect of the processing of your personal data. If you require any further information about our clients’ data processing activities, please contact us using the details in Section 11.

Please note that if you participate in a survey facilitated by Porter’s Management Group, this survey may either be programmed by Porter’s Management Group on behalf of our client or programmed by a third party directly on behalf of our client. This Privacy Policy will apply to the processing of your survey responses, where Porter’s Management Group is the programmer of the survey. Where Porter’s Management Group does not programme the survey, Porter’s Management Group will not collect, store, or otherwise process your survey results, and the third-party survey programmer and/or our client will have in place separate privacy and data security practices that will apply.

"Personal data" means any personally identifiable information belonging to an identifiable natural person, including but not limited to an identifier such as a name, an identification number, location data, an online identifier, or factors specific to the physical, economic, cultural, or social identity of that natural person, and for the avoidance of doubt, includes the term "personal data" as defined in the Personal Information Protection and Electronic Documents Act.

2.1 Categories of Personal Data Collected

We may collect, create, use, store and otherwise process different categories of personal data depending on how you use and interact with our products, services and online channels. We have grouped these categories below as follows:

• Identifier Data, including first name, maiden name, last name, job title, and company name.
• Contact Data, including your address(es), email address(es), and telephone number(s).
• Profile Data, including your CV, professional background, professional headshot, languages spoken, location and country of residence, relevant qualifications, career history and moves, and any additional information, which may include special category personal data and sensitive personal information to the extent it is manifestly made public by you or you voluntarily choose to provide it to Porter’s Management Group in connection with a particular project or service offering. See Section 4 below for the additional measures we have established when processing these special categories of personal data.
• Due Diligence Data, including data you make publicly available (e.g., via social media and networking platforms) where required to meet specific anti money laundering, counter terrorism financing, anti-bribery legislation, or other regulatory requirements, or where needed to research, filter, and verify the experience and qualifications of consultants or contractors, or to screen for potential conflicts of interest.
• Identity Data, including a copy of your governmental ID and a photo of your face that contains facial scan or “biometric” data. For more information on whether this applies to you, see Section 4.
• Financial data (if we need to pay you), including bank account details.
• Payment Data (if you engage with Porter’s Management Group as a client), including your card details and other information to process your payments, including your payment history and billing address.
• Transaction Data, including interactions you may have had with us (e.g., parties entering and exiting our conference bridge, duration and time of interactions), and any expert/client feedback.
• Marketing and Communications Data, including your preferences for receiving marketing from us and your communication preferences.
• Technical Data, including internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website(s) and online services.
• Usage Data, including information about how you use our website, social media pages, apps, products, and services, including the URL clickstream to, through, and from our online channels (including date and time), products you viewed or searched for, the content that you view or interact with, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs or acceptance of our Terms of Engagement), and methods used to browse away from the page.

2.2 Circumstances When We May Collect Your Personal Data

We may collect such categories of personal data either directly from you or from third parties and publicly available sources. The table below describes which categories of personal data are collected and under what circumstances. From time to time, we may ask you to confirm the accuracy of the personal data we process about you.

(i) Where you interact with us directly:

• If you are employed by a client of Porter’s Management Group and your information has been shared with us for the purposes of you using our products and services: Identifier Data and Contact Data
• If you use and interact with our products, services, and online channels, including our website: Technical Data and Usage Data
• If you communicate with us by post, phone, email, surveys, or otherwise: Identifier Data, Contact Data, Profile Data, Transaction Data and Marketing and Communications Data
• If you voluntarily submit certain information to us, for example, during a call with our employees, by filling out a survey, or by uploading information to our platform or one of our approved third-party providers: Information you have provided as part of that request, including Identifier Data, Contact Data, Profile Data, Identity Data and Financial Data.
• If you sign up for an event or webinar: Identifier Data, Contact Data and Profile Data
• If you request to be paid by Porter’s Management Group or receive other monetary or non-monetary compensation from Porter’s Management Group: Contact Data and Financial Data
• If you express an interest in obtaining additional information about our products, services, or employment opportunities, or otherwise use our "Contact Us" page or similar features: Identifier Data, Contact Data, Profile Data and Marketing and Communications Data
• If you are a supplier, contractor, or service provider to Porter’s Management Group (or work for a supplier or service provider): Identifier Data, Contact Data and Financial Data
• If you engage with our services as an individual business user in your capacity as a representative of your employer: Identifier Data, Contact Data, Payment Data, Technical Data and Usage Data
• If you engage with our services as a business, or as the management or owner of a business: Identifier Data, Contact Data, Payment Data, Technical Data and Usage Data

(ii) Where we collect information about you from other sources:

• If we identify you as a potentially relevant consultant(s) or contractor(s) for a specific client project: Identifier Data, Contact Data, Profile Data and Due Diligence Data
• If we need to conduct any vetting or verification processes in order to contract with you: Due Diligence Data
• If you interact with our products and services: Technical Data from analytics, technology and hosting providers

2.3 Aggregating Your Personal Data

We aggregate your Usage Data with the information of other website visitors, experts and clients, creating a dataset of information about the usage of our online channels, our apps, products and services, and other general, grouped information about our user base. It provides a valuable insight into the use of our services, and we may share it with select third parties. This dataset is aggregated and anonymized, meaning it cannot directly identify you as an individual and is not considered personal data.

2.4 When am I Required to Provide Personal Data?

We may have a legal obligation to collect and process your personal data, or we may require your personal data in order to provide you with specific products and services, including accessing our platform.

If you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you, and/or the quality of the products and services we provide to you might be affected. In these circumstances, we may cancel a service you receive from us or stop proceeding with a contract we are trying to enter into with you, but we will notify you if this is the case at the time.

Please note that this does not apply to the collection of biometric data provided by contractors or consultants in applicable jurisdictions for identity verification purposes. The provision of biometric data is voluntary and will not, in any way, impact our payment obligations to you. However, we may be unable to engage you in any further engagements with Porter’s Management Group without first completing our identity check.

In accordance with the Personal Information Protection and Electronic Documents Act S.C. 2000, c. 5, we rely on a number of lawful bases to process your personal data. Where we rely on legitimate interests and it is legally permissible to do so, we have carried out a balancing test to ensure:

• The processing is lawful, proportionate and conducted in accordance with the terms of this Privacy Policy;
• We have a legitimate business need to perform the processing;
• There is no material likelihood of any adverse impact on your interests, fundamental rights, or freedoms as a result of the processing.

You can obtain information on any of our balancing tests by contacting us using the details in Section 11 below.

We may collect and process your personal data for the following purposes and, where legally permissible, rely on the following lawful bases:

Where we need to perform a contract we are about to enter into or have entered into with you. This includes:

• Performing our contract with you for the provision of our products and services and sending you service-related communications;
• Facilitating services or service contracts in respect to which you have agreed to participate or facilitating the creation of other output;
• Managing our client and user accounts, such as billing, subscription management, providing client support and client relationship management;
• Determining compensation for Porter’s Management Group employees, contractors, or other personnel, such as commission, by processing your Transaction Data;
• Managing payments to the extent the processing of Financial Data is necessary to compensate our experts or pay our suppliers;

Where it is necessary for our legitimate interests and we have assessed that your interests, rights, and freedoms do not override those interests:

• It is necessary for our legitimate interest in facilitating appropriate and legally compliant engagements between experts and our clients to process your personal data in order to:
  • research, filter, verify and monitor experts and screen for potential conflicts of interest in order to assess and recommend an expert’s appropriateness for a particular client engagement and to meet applicable legal, regulatory and compliance requirements, including conducting proportionate searches relating to bankruptcy, political affiliation and criminal convictions;
  • conduct identity verification and other fraud detection activities.
• It is necessary for our legitimate interest in providing online and offline content, including improving the user experience for our clients, prospective clients, contractors, and other interested parties, to process your personal data in order to:
  • monitor, maintain, develop and improve the performance of our sites, products and services and customer relationships;
  • analyse trends, usage and activities in connection with our products and services, optimize our marketing efforts, measure the effectiveness of our advertising campaigns and grow and inform our marketing strategy;
  • manage our internal functions, such as keeping our sites secure, (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), management and corporate reporting, internal research and analytics, and improving business efficacies;
  • create aggregate and statistical data (which cannot be used to identify you). For example, aggregate data may include data that describes the general demographics, usage, or other characteristics of our site’s users.
• It is necessary for our legitimate interest in complying with all legal, regulatory, and compliance requirements to process your personal data in order to:
  • enforce compliance with our policies and procedures;
  • manage and provide all necessary assistance in respect of any legal claims or other compliance, regulatory, auditing, investigatory, or disciplinary purposes (including disclosure of such information in connection with legal process or litigation).

When you have expressly consented to us processing your personal data. This includes, where required under applicable law:

• where you ask us to send marketing information via certain mediums, including by email. For more information about how to modify your preferences about marketing communications, please see Section 10.1;
• where we record phone calls between clients and experts at the request of clients for compliance purposes;
• where we place non-essential cookies or similar technologies on your device;
• where, on other occasions, we ask for your consent for the purpose we explain at the time.

Where consent is relied on, you have the right to withdraw it at any time by contacting us. See Section 11 for our contact details.

Where we need to comply with a legal or regulatory obligation. This includes:

• in response to requests by government or law enforcement authorities conducting an investigation;
• to comply with applicable reporting or other legal obligations.

Your personal data may be combined with the different sources identified in Section 2 for the purposes outlined above. We do not conduct any automated decision-making using your personal data.

In certain limited situations, we may need to process, or ask third parties to process on our behalf, your special category personal data. Special category personal data means information that can reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data (if used to uniquely identify that person), and information concerning a person’s health, sex life, or sexual orientation.

Where we need to process special category data, data protection laws require us to meet one of the specific conditions in Article 9 of the GDPR. This includes where your personal data is manifestly made public by you, e.g. on the internet. We will also rely on your prior, explicit consent to process:

• Profile Data that you voluntarily share with us that falls within the definition of special category personal data, including personal data revealing your racial or ethnic origin and data concerning your health or sexual orientation, to facilitate specific projects that fall within that scope;
• any facial scan data that is processed by an approved third party on our behalf to verify your identity.

Your consent is entirely voluntary, and failure to provide consent will not prevent us from fulfilling our contractual obligations to you.

Where applicable law requires additional safeguards (such as the EU General Data Protection Regulation), we will process such data in accordance with those requirements.

Our website uses cookies and similar technologies to enhance your experience, analyze site usage, and ensure the proper functioning of our services. Cookies are small data files placed on your device (computer, tablet, or mobile phone) when you visit a website. They allow the website to remember your actions and preferences over a period, so you don't have to keep re-entering them whenever you come back to the site or browse from one page to another.

We use various types of cookies for different purposes:

• Strictly Necessary Cookies: These cookies are essential for the operation of our website, enabling core functionalities like security, network management, and accessibility. Without these cookies, the services you have asked for cannot be provided. You cannot opt out of these cookies.
• Performance/Statistics Cookies: These cookies collect information about how you use our website, such as which pages you visit and if you experience any errors. These cookies do not collect any information that could identify you and are used only to help us improve how our website works.
• Functional Cookies: These cookies allow our website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features. They may also be used to provide services you have asked for, such as watching a video or commenting on a blog.
• Marketing Cookies: These cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.

5.1 Your Cookie Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. By consenting to these technologies, you allow us to process data such as browser behaviour or unique IDs on this site, which helps us enhance your experience and understand how you use our site. Choosing not to consent, or withdrawing your consent, may affect certain features and how the site functions for you.

5.2 Detailed Information on Specific Cookies Used

Below are common cookies that may be set by third-party services integrated into our website. Please note that third-party services, including Google, may update cookie names or introduce new cookies as their services evolve. We strive to keep this list updated, but for the most precise and up-to-date information on their cookie usage, please refer to their respective privacy and cookie policies.

Google Analytics:

• Name: _ga, _gid, _gat_UA-XXXXXX-Y (and other related cookies set by Google Analytics. Please note that Google may update these names.)
• Cookie Function: Collects information about how visitors use the website, including the number of visitors, where visitors have come to the website from, and the pages they visited.
• Purpose: Statistics

Google Fonts:

• Name: Typically, no dedicated cookies are set directly by Google Fonts on your site for user tracking, as it's a content delivery service for fonts. Any cookies would be related to caching by the browser. Cookies that are present help ensure the consistent display of website fonts.
• Cookie Function: Helps ensure consistent display of website fonts.
• Purpose: Functional

Google Maps:

• Name: NID, _Request VerificationToken (and others related to Google services)
• Cookie Function: Stores user preferences and information when viewing embedded Google Maps, such as zoom level and map type. Helps display maps correctly.
• Purpose: Functional

We may be required to share your personal data with the third parties listed below for the purposes described in Section 3 above or otherwise with your consent:

• Affiliates: Porter’s Management Group is a business with global operations, based in Canada. Personal data collected in accordance with this Privacy & Cookie Policy may be shared among our group companies to support the effective functioning of our business and the provision of our products and services.
• Service Providers: When we employ third parties to perform a function on our behalf (e.g., IT, hosting, data security, payments, billing, business development, marketing, and communications), they receive only the personal data necessary to perform that specific function. These providers are contractually bound to process data solely as instructed by PMG. PMG does not control their processing practices beyond these contractual obligations. We may use service providers for various purposes, including:
  • delivering our products and services;
  • IT, hosting and data security;
  • payments, billing and support services, including the facilitation of compensation (both monetary and non-monetary) to experts;
  • business development, marketing and communications.
• We may also share personal data where necessary with our accountants, auditors, lawyers, and other outside professional advisors at Porter’s Management Group or in furtherance of legitimate business purposes for Porter’s Management Group, subject to binding contractual obligations of confidentiality.
• Clients: We may share Identifier Data, Contact Data, Due Diligence Data, Profile Data, and Transaction Data relating to consultants with our clients for a particular project.
• Contractors and Consultants: We may share Identifier Data relating to our clients with our consultants in connection with a specific project.
• Legal Requirements: We may disclose personal data to government authorities, regulators, or other third parties if required by law or if we reasonably believe such action is necessary to comply with legal obligations, protect rights or property, prevent fraud, or ensure public safety.
• Business Transfers: In the event of a corporate sale, merger, reorganization, or similar event, your Personal Data may be among the assets transferred. You will be notified of any such change via email and/or a prominent notice on our website.
• Artificial Intelligence (AI) Technology Partners: We utilize AI technology partners to provide certain PMG services, including GPT models, Perplexity AI, Google AI, and GenKit AI. Any personal data transmitted to these partners will only be used to deliver the requested functionality. PMG disallows the use of such data for training AI models unless explicitly disclosed. Clients will be notified of any changes to our AI partner list according to our Data Processing Addendum. For more detailed information on our approach to AI, please refer to our AI & Data Ethics Statement, available at https://portersmg.com/ai-data-ethics.
• Aggregated or Anonymized Data: Any aggregated or anonymized data shared externally cannot be reverse-engineered to identify individuals and is not considered personal data.

Your Personal Data may be transferred to and stored by PMG’s service providers outside your country or jurisdiction. PMG selects service providers based on their reasonable safeguards for data protection, but PMG does not control where providers may store or move data within their own infrastructure.

Such transfers may occur in accordance with applicable privacy laws, including PIPEDA and GDPR, as implemented by service providers where relevant. Personal data processed outside your jurisdiction will be subject to contractual safeguards to protect your privacy.

PMG has implemented appropriate organizational, technical, and physical measures to protect your personal data from accidental loss, unauthorized access, alteration, or disclosure. Access to personal data is limited to employees, agents, contractors, and other third parties who have a business need to know and who are subject to confidentiality obligations.

Procedures are in place to detect, investigate, and notify individuals and regulators of any personal data breaches as required by law.

Please note that transmission of information over the internet is not completely secure. While PMG takes all reasonable measures to protect your Personal Data, any transmission is at your own risk. Users are responsible for protecting passwords, limiting access to devices, and signing out of PMG platforms after use.

PMG retains your personal data only as long as necessary to fulfill the purposes for which it was collected (see Section 3), including legal, accounting, reporting, or audit requirements.

• Identity Verification Data: Any identity verification data processed by PMG or its approved third-party provider is deleted no later than sixty (60) days after completing the legitimate business purpose, unless a longer retention period is required by law.
• Anonymized or Aggregated Data: Data that has been anonymized or aggregated in a manner that prevents individual identification is not considered personal data and may be retained indefinitely.

10.1 Your Rights

Under applicable privacy laws, you have rights, including:

• Access and review your Personal data (subject access request).
• Correct inaccurate or incomplete personal data.
• Request erasure of personal data where there is no legal obligation to retain it.
• Object to processing based on legitimate interests.
• Opt out of direct marketing and optional profiling.
• Request restriction of processing in certain scenarios.
• Request the transfer of your Dersonal Data in a machine-readable format.
• Withdraw consent at any time, which may affect optional services such as marketing communications or AI features, but not essential services.

10.2 How to Exercise Your Rights

You may exercise your rights by contacting PMG’s Data Protection Officer (Section 11). PMG may request additional information to confirm your identity.

10.3 Children's Privacy

Our services are not intended for children under the age of 13 (or 16 where required under applicable law). PMG does not knowingly target children under 13 (or 16 where required) and will delete any personal data inadvertently collected from children below these thresholds.

10.4 No Fee Usually Required

No fee is required to exercise your rights unless a request is unfounded, repetitive, or excessive, in which case PMG may charge a reasonable fee or refuse the request.

10.5 What We May Need From You

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to someone who doesn’t have the right to receive it. We may also contact you to ask you for further information in relation to your request and speed up our response.

10.6 Time Limit to Respond

PMG aims to respond to requests within 30 days of receiving the request. Complex requests may take longer, in which case PMG will provide updates on progress.

We hope we can satisfy any queries you may have about the way we process your personal data. If you have any concerns or would like to exercise any of your rights, contact our Data Protection Officer by email at dpo@portersmg.com

We are committed to working with you to obtain a fair resolution of any complaint or concern about your privacy.