FTI Consulting, Inc. Global Privacy Policies
Below you will find FTI Consulting, Inc.’s Global Privacy Notice and Policy on EU-US Data Privacy Framework (DPF), UK Extension to the EU-US DPF, and Swiss-US DPF (collectively “Global Privacy Policies”). These Global Privacy Policies apply to FTI Consulting, Inc. and its affiliated companies and subsidiaries** (collectively “FTI Consulting”). PLEASE READ THESE POLICIES CAREFULLY.
FTI Consulting, Inc. Privacy Notice (Chinese – 点击中文, Chinese Policy Supplement, Français, Deutsch, Español)
FTI Consulting, Inc. Policy on EU-US Data Privacy Framework (DPF), UK Extension to the EU-US DPF, and Swiss-US DPF
FTI Consulting, Inc. Cookie Policy
Privacy Notice
Effective Date: January 7, 2021 -- Last Revised: June 27, 2025.
This Global Privacy Notice applies to FTI Consulting, Inc. and its affiliated companies and subsidiaries ** (collectively “FTI Consulting”) as listed in the annual filings in the US Securities and Exchange Commission.
FTI Consulting understands that your privacy is important to you and is committed to safeguarding the confidentiality and privacy of Personal Information entrusted to it.
This notice describes how FTI Consulting handles and protects your Personal Information in connection with:
- the hosting of this website,
- the provision of its diverse business advisory services in the fields of corporate finance and restructuring, economic and financial consulting, forensic and litigation consulting, health solutions, strategic communications and technology ("Services"), as explained in more detail here: http://www.fticonsulting.com/services,
- and for the additional reasons as listed in the section below titled When Do We Collect Your Personal Data
For all enquiries the primary point of contact at FTI Consulting for questions regarding your Personal Information is dpo@fticonsulting.com.
Notice at Collection
FTI Consulting collects the Personal Information described below for the purposes, and for the period as described within.
We do not Sell your Personal Information or disclose it for cross-context behavioral advertising (“Sharing”).
We also do not collect or process sensitive Personal Information for the purpose of inferring characteristics about you, unless you are informed otherwise and there is justified legal basis.
To the extent you provide FTI Consulting with Personal Information about others, you are responsible for providing this Global Privacy Notice to them.
This Global Privacy Notice covers the following topics:
- Scope
- Quick read
- Who is controller of your Personal Information?
- Our Approach
- When do we collect Personal Information?
- What are our sources of Personal Information collected?
- What types of Personal Information are collected, what do we use them for and on what basis?
- What is our legal basis for collecting Personal Information?
- Disclosure of Personal Information to third parties
- International hosting and transfer of information
- Information security
- Retention of your Personal Information
- Use of Artificial Intelligence
- Marketing
- Children
- Your rights in jurisdictions covered by the GDPR and similar laws
- Regional Disclosures (for residents of the US, Middle East and APAC regions)
- Links
- Changes to this notice
- Definitions
- Contact Details
Scope of this notice
The global notice applies to Personal Information which is collected and/or used (processed) by FTI Consulting in its capacity as a Controller as that term (or another term with equivalent meaning) is defined in the EU General Data Protection Regulation (GDPR) and other similar laws (e.g., UK GDPR and UK Data Protection Act 2018, Brazil’s Lei Geral de Proteção de Dados or the Dubai International Financial Centre DIFC Data Protection Law 2020).
Jurisdictional scope of this Global Privacy Notice
This Global Privacy Notice provides the details about our global privacy standards, however where there is a conflict with local country/state laws then local country/state laws will take precedence.
US residents should also review the section of this Global Privacy Notice addressing their rights.
APAC residents should review the section of the notice applicable to them where variations apply.
Middle East residents should review the section of the notice applicable to them where variations apply.
Where a country/jurisdiction/state is not listed, this Global Privacy Notice seeks to provide general transparency about our approach to processing and safeguarding your Personal Information.
Substantive scope of this Global Privacy Notice
When we provide Services to clients, we sometimes handle Personal Information as a Processor (for example, the hosting of client data on our e-discovery platforms). This means that we process the information solely on the instructions of our clients, who retain control of the information. Processing of this nature is outside of the scope of this Global Privacy Notice. Therefore, if our use of your Personal Information is not covered by this Global Privacy Notice, you may need to contact the client (and controller) on whose behalf the processing of your information is carried out.
For purposes of this Global Privacy Notice, “Personal Information” means information that is related to an identified or identifiable individual or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or with a household in some countries it is referred to as "personal data". See the Definitions for other terms used in this Global Privacy Notice.
Quick Read
This Global Privacy Notice applies to individuals acting as corporate representatives for our clients and prospective clients, any clients / prospective clients who are individual consumers, website visitors, recruitment applicants and other third parties such as event attendees from whom FTI collects Personal Information for purposes including but not limited to:
- Managing relationships with clients and providing business advisory services
- Analyzing and improving its delivery of services,
- Marketing its services to clients and prospective clients, and
- Administering recruitment and events.
FTI’s websites are not directed at children under the age of 16 and we will not knowingly collect or maintain information of minors except for the provision of professional services.
Where your information may be transferred as a part of FTI’s business operations (internationally as well as to third parties), all necessary measures will be taken to protect it.
Certain global privacy laws provide individuals with several rights in relation to their Personal Information, including (but not limited to) the right to access, correct and delete your information. While the extent of these rights varies depending on your jurisdiction as well as how and why FTI uses your information, reasonable steps will be taken to address your request in line with applicable laws and standards.
To submit a request regarding your Personal Information, submit an enquiry to FTI via email at dpo@fticonsulting.com.
Who is controller of your Personal Information?
The FTI Consulting entity responsible for your Personal Information will be the entity that originally collected information from or about you. If you have a direct interaction with FTI Consulting (for example, you attend an FTI Consulting hosted event), the identity of your controller may be disclosed to you in connection with that interaction. If we process your Personal Information while providing our Services to clients, in our capacity as a controller, then the FTI entity providing the Services as specified in applicable contract terms will be the controller. Please note that the contact details for all FTI entities in respect of data protection or privacy issues are the same, and can be found in the section listing Contact Details.
Our Approach
FTI Consulting is committed to safeguarding Personal Information processed about you. Our approach to data protection is grounded in transparency, accountability, and full compliance with applicable global laws and standards. We honor the trust you place in us by embedding ethical practices, respect for individual rights, and responsible data management into every stage of the data lifecycle. We ensure that privacy is integrated into all aspects of our operations, reflecting our core values of integrity, respect, and empathy.
When do we collect Personal Information?
We collect information about you if:
- you use this (or any other FTI Consulting) website;
- you enquire about, or engage FTI Consulting to provide, its Services (either in a personal capacity, or as a representative for your employer or client);
- the use of your Personal Information is reasonably necessary to provide our Services (in these circumstances, your Personal Information may be disclosed to us by our client who may, for example, be your employer or service provider, or we may obtain your Personal Information from a range of public or subscription sources, directly from you, or from your associates or persons known to you);
- you apply for a position with FTI Consulting;
- you attend an FTI Consulting hosted or sponsored event or webinar;
- you visit an FTI Consulting exhibit booth at a conference or industry event;
- you invest in FTI Consulting stock (please see our investor site for more information);
- you contact us with any other enquiry, complaint or notice; or
- we acquire a company or employer, or assets of a company or employer that has your information.
What are FTI sources for Personal Information collection?
When FTI collects Personal Information about you, sources of data include:
- You, as described in the section above titled “When do we collect Personal Information”.
- Service providers, for example, analytics providers, IT, and system administration services.
- Affiliated companies, for example, so that we can assist other companies in the FTI Consulting family of companies in providing you with products or services.
- Automated technologies, for example, browsing activity collected by automated technologies on the website.
- Third parties, for example, lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
- Public sources, for example, public databases.
- Marketing/advertising companies, for example, from social media platforms, consumer research companies, and analytics or marketing/advertising companies.
- Surveillance/recording technologies installed by FTI Consulting, for example, video surveillance in common areas of FTI Consulting facilities, voicemail technologies, and audio recording technologies with consent to the extent required by law.
- Government or administrative agencies, for example, law enforcement, public health officials, and other government authorities.
- Acquired entity, if FTI Consulting acquired another entity, we might collect Personal Information from that entity.
What is our legal basis for collecting Personal Information?
Certain laws, including but not limited to the GDPR, require us to establish a ‘lawful basis’ for our processing of your Personal Information. In the majority of cases, processing will be justified on the basis that:
- the processing is necessary for the performance of a contract to which you are a party, or to take steps (at your request) to enter into a contract (e.g. where you request certain Services as an individual client);
- the processing is necessary for us to comply with a relevant legal obligation (e.g. where we are required to collect certain information about our clients for tax or accounting purposes, or where we are required to make disclosures to courts or regulators); or
- the processing is necessary for the performance of a task carried out in the public interest (e.g. background checks for anti-money laundering and terrorist financing purposes); or
- the processing is in our legitimate interests*, subject to due consideration for your interests and fundamental rights (this is the basis we rely upon for the majority of the processing of Personal Information in connection with the provision of our Services, and also for the purposes of most client on-boarding, administration and relationship management activities).
*Variations of lawful basis interpretation may apply in certain countries in relation to the provision of services. We apply the appropriate lawful basis as per the applicable country laws. For example the lawful basis of contract rather than legitimate interest applies in jurisdictions including (but not limited to) the UAE and China.
In limited circumstances, we will use your consent as the basis for processing your Personal Information, for example, where we are required by applicable law to obtain a prior consent in order to send you marketing communications.
Before collecting and/or using any special categories of data (as defined in the GDPR, or an equivalent term as defined by other privacy laws), we will apply a lawful basis or rely on exemptions which will allow us to use that information.
What types of Personal Information are collected and what do we use them for?
The following is a summary of the types of Personal Information we collect, the purposes for which that information is used and the lawful basis. For more details about lawful basis see the details in this section.
Website Users
The following detail applies to website users:
| FTI processes your Personal Information for the following purposes: | Categories of Personal Information that may be processed for the stated purpose are: | Legal basis for processing that may apply where applicable: |
|---|---|---|
| To respond to enquiries submitted through the ‘Contact Us’ form or email. |
|
Legitimate Interest Contractual Necessity |
| To provide additional support and/or services based on enquiries and complaints submitted |
|
Legitimate Interest Contractual Necessity |
| To ensure effective operations of our websites, align presentation of services more closely to your requirements e.g. based on geography and to analyze trends, such as user behaviour on the websites. Any tracking detail captured is anonymized, aggregated and used to administer the website and learn about user behaviour. Refer to our Cookie Policy for details. |
|
Legitimate Interest for essential features and consent where use of these tracking/cookie tools is required by applicable country law. |
| To identify you when FTI Consulting feels that it is necessary, for example when FTI believes in its sole discretion that it is necessary to enforce compliance with this Privacy Policy to protect its services, systems, websites, information, employees, business partners, subsidiaries, affiliates, users, customers or others |
|
Legitimate Interest |
| To identify you when required by law or for law enforcement purposes |
|
Legal Obligation |
FTI Consulting’s Former, Current and Prospective Clients
The following detail applies to former, current and prospective clients:
| FTI processes your Personal Information for the following purposes: | Categories of Personal Information that may be processed for the stated purpose are: | Legal basis for processing that may apply where applicable: |
|---|---|---|
| To maintain communications with former, current and prospective clients. |
|
Contractual Necessity Legitimate Interest |
| Communication with prospective and former clients (relationship management) |
|
Legitimate Interest |
| To facilitate participation in FTI Consulting’s events and manage relationships with actual or prospective client. |
|
Consent Legitimate Interest |
| To carry out Know‑Your‑Client (KYC) and Anti-Money Laundering (AML) and terrorist financing background checks |
|
Legal Obligation |
| To carry out client service billing and administration |
|
Contractual Necessity Legitimate Interest |
| To send newsletters, know-how, promotional material and other marketing communications |
|
Consent Legitimate Interest |
| To enable the capturing of audio and visual footage during events and interviews. |
|
Consent Legitimate Interest |
| To facilitate use of applicable Customer Portals (such as FTI Technology) to provide access to its solutions, perform services for its clients and manage client relationships. |
|
Contractual Necessity Legitimate Interest |
Candidates
The following detail applies to FTI’s job candidates:
| FTI processes your Personal Information for the following purposes: | Categories of Personal Information that may be processed for the stated purpose are: | Legal basis for processing that may apply where applicable |
|---|---|---|
| To facilitate the candidate application, interview, assessment and onboarding process. |
|
Contractual Necessity |
| To facilitate any candidate application screening activities |
|
Legal Obligation |
| To facilitate human capital reporting and ensure compliance with applicable laws |
|
Legal Obligation |
| To facilitate FTI’s human capital reporting and HR initiatives |
|
Consent for processing special‑category data for equality monitoring |
| To facilitate participation in FTI Consulting’s events and manage relationships with prospective candidates/employees. |
|
Legitimate Interest |
Stockholders
The following detail applies to FTI Consulting stockholders:
| FTI processes your Personal Information for the following purposes: | Categories of Personal Information that may be processed for the stated purpose are: | Legal basis for processing that may apply where applicable |
|---|---|---|
| To facilitate the stockholder registration process. |
|
Contractual Necessity Legal obligation Legitimate interests |
Vendors, Suppliers and Contractors
The following detail applies to vendors, suppliers and contractors:
| FTI processes your Personal Information for the following Purposes: | Categories of Personal Information that may be processed for the stated purpose are: | Legal basis for processing that may apply where applicable |
|---|---|---|
| To complete transactions and appropriate screening activities as required. |
|
Legal obligation Legitimate interests |
Performing Services for Our Clients
The following details apply in relation the performance of our services:
| Service | Why is Personal Information Used? | What legal bases are relied upon? |
|---|---|---|
| Corporate Finance and Restructuring | In providing clients with advice on potential M&A transactions or corporate restructurings, or similar activities undertaken to assist clients with corporate operations, or in the event of an insolvency process, we may have access to client provided personal information about employees or customers (of either our client or the corporate target) which is relevant to our analysis of our client's position, for example, a spread sheet containing details of a target's key employees with their job titles and salaries. | Legitimate interest in advising clients on corporate finance transactions or with respect to insolvency processes or arrangements involving consideration of a company's employee or customer base. |
| Risk and Investigations | FTI Consulting carries out corporate investigation and business intelligence services for our clients. These require FTI Consulting's professionals to carry out research regarding companies and individuals of interest to our clients, by using a variety of carefully vetted techniques. These may include the researching of public registers and subscription -only databases, (typically off-the-record and anonymized) interviewing of professional and personal associates, and consultation of media sources. The personal information gathered in this field of work is necessarily diverse, and is typically compiled into a confidential report for the consultation and further use of our client. | Legitimate interest in providing investigatory and intelligence services for clients which involve the detailed consideration of companies and persons identified by our clients. |
| Cybersecurity | FTI Consulting carries out proactive and reactive cybersecurity services for our clients. The activities include incident response management where access to a range of client related personal information may be gathered from various sources as part of incident investigation, analysis and remediation. | Legitimate interest in providing cybersecurity services for clients which involves details of companies and persons associated with our clients. |
| Strategic Communications | FTI Consulting has a team of experts who are experienced in designing and implementing communication strategies for clients. In order to provide clients with tailored, intelligence led strategies, FTI Consulting may be given, and may pro-actively collect through its own research, personal information about key individuals or parties involved in an issue or incident about which our client has requested communications advice. | Legitimate interest in providing public relations consultation to clients, including in relation to the handling of situations relating to or involving particular individuals.* |
| Compass Lexecon | Our Compass Lexecon business provides economic and financial advisory services, for example in the fields of securities litigation, mergers or anti-trust investigations and compliance. This may include providing advice to clients, courts, tribunals and regulators. Inputs to some of these analyses may necessarily include personal information provided for that purpose by the client, or disclosed by another party to a regulatory or judicial process. Such information may include: names; salaries, benefits or other remuneration received; or decisions taken or choices made about spending or other matters. | Legitimate interest in providing economic and financial advisory services to clients, courts, tribunals and regulators in relation to a consideration of factors pertaining to staff, customers, the public interest, or other individual people or groups of people.* |
| Economic and Financial Consulting | FTI Consulting provides economic, financial, valuation and accountancy advice to clients, courts, tribunals and regulators. Inputs to some of these analyses may necessarily include personal information provided for that purpose by the client, or disclosed by another party to a regulatory or judicial process. Such information may include: names; salaries, benefits or other remuneration received; or decisions taken or choices made about spending or other matters. | Legitimate interest in providing economic, financial, valuation or accountancy advice to clients, courts, tribunals and regulators in relation to a consideration of factors pertaining to staff, customers or other individual people or groups of people.* |
| Forensic Accounting, Investigation, Analytics and Litigation Support | FTI Consulting investigates suspected or actual financial irregularities or regulatory breaches and provides expertise, dispute resolution and litigation support for clients to resolve and remediate issues. We also address threat identification and compliance. This may include having access to personal information concerning names, salary and benefit information, job titles and professional history and email content of employees or business partners of the client requiring these services. Our work may require appropriate review of banking and trading account information, including detailed financial transactions of our client’s customers. | Legitimate interest in providing forensic services to clients involving detailed examination of a client's business documents and information, including records of accounts and transactions of their customers.* |
| Health Solutions | FTI Consulting's Health Solutions professionals provides advice to healthcare clients in relation to operational performance improvement, cost reduction/revenue generation, advisory and implementation requirements. In most cases, personal information which would identify underlying individuals is not provided, and in particular, information concerning health is not provided at a patient identifiable level. In some cases, non-sensitive information about a client's employees (names, job titles) may be required. | Legitimate interest in providing specialist consultancy services to healthcare providers, commissioners and regulators, including in relation to the structure of make-up of their workforces.* |
| Tax (London) | FTI Consulting's tax team advises on employee share incentive schemes, for which it may need access to details about the names, share allocations and national insurance numbers of a client's share scheme members, and on personal tax filings and VAT compliance, for which names, addresses, personal tax information and VAT information respectively may be required. | Legitimate interest in providing advisory services to clients in the fields of share incentive schemes, tax filings and VAT compliance.* Where the client is a natural person - performance of a contract to which the client is a party. |
When conducting the services highlighted above, FTI will process a range of Personal Information. Although the categories of information we collect and process will vary on a project-by-project basis, this may include (but is not limited to):
- Personal identification (e.g. full name, age, date of birth, gender, race or ethnicity, religious beliefs, geolocation information children’s names, parents’ names)
- Contact information (e.g. address, email address, telephone number)
- Employment information (e.g. job title, start date, salary wage, bullying and harassment details)
- Education and skills (e.g. education and training history, educational degrees, languages)
- Financial information (e.g. bank account number, routing number)
- Government identifiers (e.g. national identification number, passport number, SSN)
- Professional experience and affiliations (e.g. professional memberships, certifications)
- Travel and expense (e.g. expense details, travel booking details, travel history)
- User account information (e.g. account age, account number)
- Background checks (e.g. criminal history, driving citations, criminal records)
- Browsing information (e.g. browsing time, IP address, cookie information)
- Commercial information (e.g. contents of contract, purchasing tendencies, records of personal properties)
- Health insurance information (e.g. appeals records information, insurance policy information)
- Social information (e.g. social media account information, social media history)
FTI Technology services are not included here as that business unit primarily functions as a data processor for its clients and our processing associated with these services are outside of the scope of this Global Privacy Notice. For more information regarding how FTI Technology processes data for its clients, please refer to the terms of your contract and https://www.ftitechnology.com/trust.
*In all cases where legitimate interest is relied upon as a lawful basis for processing Personal Information, FTI Consulting takes steps to ensure that its legitimate interests are not outweighed by any prejudice to the rights and freedoms of the underlying data subjects. This is achieved in a number of ways, including through the application of principles of data minimization and security, and by taking steps to ensure that Personal Information is only collected or otherwise obtained where it is relevant to the provision of Services to a client, and where access to Personal Information for FTI Consulting is reasonably necessary for the provision of those Services.
Disclosure of Personal Information to Third Parties
FTI Consulting will not sell or share your Personal Information to third parties other than as described in this Global Privacy Notice unless FTI Consulting has your permission, as agreed in contract terms and any applicable Data Protection Agreement (“DPA”) or is required or permitted by law. FTI Consulting may share such information with its affiliates as necessary to carry out the purposes for which the information was supplied or collected. Similarly, third party contractors, consultants and/or vendors engaged by FTI Consulting to provide services may have access to your Personal Information. These third parties will be subject to their own data protection requirements providing the same or greater level of security provided by FTI Consulting and in most instances will also have entered into a written agreement with FTI Consulting which addresses the protection of your Personal Information.
FTI Consulting may also share your Personal Information for the purposes of:
- responding to requests from law enforcement agencies, regulators or courts, or to subpoenas, search warrants, or other legal requests;
- the prevention and/or detection of crime;
- establishing legal rights or to investigate or pursue legal claims;
- a merger, acquisition or corporate restructuring to which FTI Consulting is subject;
- preventing risk of harm to an individual.
International Hosting and Transfer of Information
FTI Consulting is a global organization and may transfer certain Personal Information collected on its websites across geographical borders to FTI Consulting offices, personnel, or third parties located throughout the world. FTI facilitates global transfers between its international offices via the use of applicable contract terms such as country legally prescribed standard contract clauses or equivalent. FTI Consulting may also process such information in a jurisdiction other than where you are based including but not limited to the European Economic Area (“EEA”), United Kingdom, United States, Middle East, Africa, Asia Pacific, North and Latin America.
FTI Consulting will take appropriate steps to ensure that transfers of Personal Information comply with applicable laws and are carefully managed to protect your privacy rights and interests. Transfers are limited to countries which are recognized as providing an adequate level of legal protection or FTI will ensure appropriate safeguards are in place to protect your privacy rights. This includes ensuring that:
- Transfers of Personal Information to FTI Consulting's global offices are protected through contractual commitments (such as the Standard Contractual Clauses). FTI Consulting also maintains certifications under the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF schemes, which continue to provide additional privacy safeguards.
- Transfers of Personal Information to third parties outside of FTI consulting are subject to contractual commitments (such as the Standard Contractual Clauses)
- Transfer risk assessments (also known as transfer impact assessments) are undertaken where necessary to ensure any risks are suitably identified and mitigated.
- Should we receive requests for information from law enforcement, courts or regulators (who may be based overseas), we will carefully validate these requests before any Personal Information is disclosed.
You may contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your Personal Information when this is transferred as mentioned above.
Information Security
FTI Consulting implements reasonable technical safeguards, security policies and procedures to protect Personal Information from unauthorized loss, misuse, alteration, or destruction. Despite FTI Consulting’s best efforts, however, security cannot be absolutely guaranteed against all threats.
Retention of your Personal Information
FTI Consulting retains your Personal Information (1) for the period required for the purposes for which it was collected including any further compatible purposes which we subsequently establish; (2) where we have an appropriate lawful basis to retain it for longer, for example your consent and/or (3) to comply with legal, regulatory and FTI Consulting policy requirements. This period will usually be the period of your, or the relevant client's, relationship or contract and applicable Data Protection Agreement (“DPA”) with FTI Consulting plus a period reflecting the length of time for which legal claims may be made following the termination of such relationship or contract. Some information (such as call recordings, tax records and certain information required to demonstrate regulatory compliance) may need to be kept for longer. Personal Information will be kept for a shorter or longer period of time if so required by law or an FTI Consulting policy, if the information becomes subject to a legal hold (for example, following a request from our regulator) or if we have identified through a data protection impact assessment that a different retention period is appropriate.
Use of Artificial Intelligence
FTI Consulting is committed to innovating responsibly and managing Artificial Intelligence ‘AI’ risks effectively. FTI uses AI technologies in accordance with applicable laws and regulations governing the use of AI technology.. Where Personal Information is processed via an AI tool, FTI will implement applicable privacy controls including but not limited to:
- Wherever feasible, FTI undertakes using deidentified data alternatives such as pseudonymized, anonymized, or synthetic data;
- Only processing Personal Information for specific purposes defined at the time of collection and/or as may be agreed otherwise;
- Conduct the appropriate assessments and testing to incorporate responsible, lawful and ethical AI solutions.
Marketing
FTI Consulting may send you information related to its services, products and events that we believe are of interest to you, subject to adherence to applicable country laws. This information may be sent by post or via email. If at any point you no longer prefer to receive marketing communications from FTI Consulting you can (i) unsubscribe from FTI Consulting communications sent by email using a link provided in marketing emails sent from FTI Consulting; or (ii) contact us to exercise your right to prevent all forms of marketing (both post and email).
Children
FTI Consulting’s websites are not intentionally designed for or directed at children under the age of 16. It is FTI Consulting’s policy never to knowingly collect or maintain information about anyone under the age of 16, except as part of an engagement to provide professional services.
Your Rights in Jurisdictions Covered by the GDPR and Similar Laws
If your Personal Information is processed by an FTI Consulting entity in the EEA, Brazil, Middle East or another jurisdiction that has adopted the GDPR or similar rules, then, subject to certain exemptions, and dependent on how and why we use it, you have certain rights in relation to your Personal Information. The rights described below may vary depending on the specific laws that apply to you.
We may ask you for additional information to confirm your identity before disclosing any Personal Information to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others or involve the disclosure of personal data of other individuals, or if we are legally entitled to deal with the request in a different way.
Right to Access
You have the right to access Personal Information which FTI Consulting holds about you, together with certain information about how and why your Personal Information is processed. This right is subject to certain exemptions which will be considered and applied on a case-by-case basis (by way of example, we do not need to disclose materials which are subject to legal privilege).
Right to Rectification
You have a right to request us to correct your Personal Information where it is inaccurate or out of date.
Right to be Forgotten (Right to Erasure)
You have the right under certain circumstances to have your Personal Information erased. Your information can only be erased if it is no longer necessary for the purpose for which it was collected, and we have no other legal ground for processing the information.
Right to Restrict Processing
You have the right to restrict the processing of your Personal Information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
Right to Data Portability
You have the right to data portability, which requires us to provide Personal Information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party. Please note that FTI Consulting rarely relies upon consent as a legal basis, and the performance of a contract basis will only be relevant to the extent that you, as an individual, are party to a contract with FTI Consulting or a client, and our use of your Personal Information is necessary for the performance of that contract.
Right to Object to Processing
You have the right to object to the processing of your Personal Information at any time, but only where that processing is based on our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
If you have any specific concerns about this Global Privacy Notice or your data (including, without limitation, if you would like to exercise your right to access, review, erase, correct or discuss how your Personal Information is processed), please contact us via:
Email (for residents of any country): dpo@fticonsulting.com
Post: Data Protection Officer, c/o the Legal department, FTI Consulting, Inc., 200 Aldersgate St, Barbican, London EC1A 4HD, United Kingdom
FTI Consulting will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.
In addition, under applicable local law you may have the legal right to lodge a complaint with the relevant supervisory authority or local data protection authority. See Contact Details for lists of applicable Regulator details.
US Disclosures
This section provides additional information for US residents, as required by applicable data privacy laws that grant individuals certain rights regarding their Personal Information. These laws generally require that businesses provide clear and transparent disclosures about (non-exhaustive list):
- What categories of Personal Information are collected;
- The purposes for which Personal Information is used;
- Whether Personal Information is shared or sold;
- The parties with whom Personal Information may be shared or sold;
- The rights consumers may have in relation to their Personal Information;
- How those rights can be exercised.
This Global Privacy Notice is intended to satisfy notice requirements under applicable laws and applies to Personal Information collected by FTI Consulting in its capacity as a data controller.
Categories of Personal Information that We Collect
For information regarding when FTI collects your Personal Information, see When do we collect Personal Information.
We describe the categories of Personal Information we process and the purposes for which they are used in the What types of Personal Information are collected and what do we use them for? section and in the context of our Services, in the Performing Services for Our Clients section.
Retention of your Personal Information
For information about the retention of your Personal Information, refer to the section ‘Retention of your Personal Information’.
Disclosures for Business Purposes
FTI Consulting does not disclose Personal Information for commercial purposes other than to those as listed below:
- SERVICE PROVIDERS: For the business purpose of performing services on FTI Consulting’s behalf and, in particular, for the specific purposes described in “What types of Personal Information are collected and what do we use it for?” section.
- AUDITORS, LAWYERS, CONSULTANTS, and ACCOUNTANTS engaged by FTI Consulting: For the business purpose of auditing compliance with policies and applicable laws, in addition to performing services on FTI Consulting’s behalf.
- AFFILIATED COMPANIES: To other companies within the FTI family of companies for the business purposes of (1) auditing compliance with policies and applicable laws, (2) helping to ensure security and integrity, (3) debugging, (4) short-term transient use, (5) performing services on behalf of FTI Consulting, (6) internal research, and (7) activities to maintain or improve the quality or safety of a service or device.
No Sales or Sharing
FTI does not sell or share your Personal Information to third parties other than as described in the detailed Disclosure of Personal Information to Third Parties section in the main body of this Global Privacy Notice.
The Categories of Sources from Which We Collect Personal Information
For information on the categories of sources from which FTI collects your information, see the section What are FTI sources for Personal Information collection.
Aggregated and Deidentified Information
We may aggregate and/or deidentify information, use it internally, and disclose it to third parties. Neither Aggregated Information nor Deidentified Information is Personal Information.
We maintain Deidentified Information in a deidentified form and do not attempt to reidentify it, except that we may attempt to reidentify the information just to determine whether our deidentification processes function correctly.
US Residents’ Rights
Depending on the US state in which you reside, you may be entitled to privacy rights including
Notice at Collection
FTI may be required to notify you, at or before the point of collection of your Personal Information, including about the categories of Personal Information collected and the purposes for which such information is used.
Right of Deletion
You may have the right to request the deletion of the Personal Information that we have collected about you, subject to certain exemptions, and to have such Personal Information deleted, except where it is necessary for the data to be retained.
Right to Correct
You may have the right to request the correction of inaccurate Personal Information held by FTI about you, taking into account the nature of the Personal Information and the purposes of processing the Personal Information.
Right to Know/Information
You may have the right to request that we provide you with information about how we have handled your Personal Information, including the:
- categories of Personal Information collected;
- categories of sources of Personal Information;
- business and/or commercial purposes for collecting and selling their Personal Information; and
- categories of Personal Information that we disclosed for a business purpose, and for each category identified, the categories of third parties to whom we disclosed that particular category of Personal Information.
California Residents also have the right to know (and access) specific pieces of information that have been collected about them in the last 12 months, such as names, addresses, email addresses, purchase history, etc. Further job applicants from California are able to review FTI’s applicable Candidate Notice as part of the application process.
Right to Appeal
US residents in states including but not limited to Colorado, Connecticut and Virgina have a right to appeal our denial of any request made in relation to their Personal Information. FTI will respond to appeals within the timeframe required by law, provide a written explanation in support of our response and provide any additional information as required by law.
Right to Opt Out of Targeted Advertising
In states including (but not limited to) California, Virginia and Florida you have the right to opt out of the processing of your Personal Information for the purposes of targeted advertising.
Right to Limit the Use of Sensitive Information
In states such as California, Texas, Oregon and others, you can limit the use and disclosure of your sensitive information to what is necessary for us to provide a service.
Note on Sensitive Personal Information: FTI Consulting does not infer characteristics from sensitive Personal Information. FTI Consulting only uses sensitive Personal Information as necessary to perform its services, to ensure security and integrity, or for other purposes permitted by law without the right to opt out.
Right to Opt Out of Sale or Sharing of Personal Information
In US states including (but not limited to) California, Florida and Texas you may opt out of the sale and sharing of your Personal Information.
Right to Non-Discrimination, and Incentives
US states including (but not limited to) California, Colorado and Virginia prohibit us from discriminating against you for exercising your rights as highlighted above under applicable laws.
If you have any specific concerns about this Global Privacy Notice or your data (including, without limitation, if you would like to exercise your right to access, review, erase, correct or discuss how your Personal Information is processed), refer to our Contact Details.
FTI Consulting will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.
In addition, under applicable local law you may have the legal right to lodge a complaint with the relevant regulatory authority. See the Contact Details for applicable details.
Middle East Disclosures
This section provides additional information for residents of the Middle East, as required by applicable data privacy laws including (but not limited to) the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the UAE PDPL), the DIFC Data Protection Law No. 5 of 2020, the ADGM Data Protection Regulations 2021, the QFC Data Protection Regulations 2021 and the Saudi Arabia Personal Data Protection Law (KSA PDPL).
Who is your controller?
Unless otherwise specified in an applicable agreement, the FTI entity that originally collected your Personal Information will act as the data controller. This may vary depending on your relationship with us and your location within the Middle East.
Processing of Personal Information
For information regarding when FTI collects your Personal Information, see the section When do we collect Personal Information.
We describe the categories of Personal Information we process and the purposes for which they are used in the What types of Personal Information are collected and what do we use them for? section and in the context of our Services, in the Performing Services for Our Clients section.
Note that whenever processing Personal Information, FTI Consulting implements appropriate technical and organizational measures to ensure its ongoing security, integrity, and confidentiality. For further information about our information security processes, please refer to Information Security.
What is our legal basis for collecting Personal Information?
When processing your Personal Information, we will rely on the legal bases highlighted above in the section What is our legal basis for collecting Personal Information?.
Note that legitimate interest is not generally as a legal basis for data processing activities in certain jurisdictions within the Middle East region. Therefore, where legitimate interest is noted as FTI’s legal basis for processing activities in other sections of this Policy, an alternative legal basis has been relied upon for those jurisdictions. For example, the processing of client data is generally conducted based on the legal basis of contractual necessity.
Retention of your Personal Information
For information about the retention of your Personal Information, refer to the Retention of your Personal Information section.
Sale and disclosure of Personal Information
For information regarding FTI Consulting’s policies about whether FTI may sell or share your Personal Information, refer to Disclosure of Personal Information to Third Parties.
International hosting and transfer of information
As a global organization FTI may transfer Personal Information internationally to FTI Consulting offices, personnel, or third parties located throughout the world. Where such transfers occur, FTI will implement appropriate safeguards (for example contractual protections, such as Standard Contractual Clauses) in accordance with applicable local data protections laws.
For more information about FTI’s data transferring practices, refer to the additional details described in International Hosting and Transfer of Information.
Your Rights
To understand your rights in relation to your Personal Information and how to exercise them, refer to Your Rights in Jurisdictions Covered by the GDPR and Similar Laws and see Contact Details where required.
Registration
Where required, FTI is registered with local regulators/authorities to ensure that data processing complies with applicable data protection laws.
APAC Disclosures
This section provides additional information for residents of the Asia Pacific region, as required by applicable data privacy laws including (but not limited to) the Australian Privacy Act 1988, Indian Digital Personal Data Protection Act, 2023 (DPDPA) and Singapore Personal Data Protection Act 2012.
Who is your controller?
As highlighted above, the controller - or its equivalent under various privacy laws, such as a Personal Information Processor under Chinese law or Data Fiduciary under Indian law, responsible for the processing of your Personal Information will be the FTI entity that originally collected information about you.
Processing of Personal Information
For information regarding when FTI collects your Personal Information, see the section When do we collect Personal Information.
We describe the categories of Personal Information we process and the purposes for which they are used in the What types of Personal Information are collected and what do we use them for? section and in the context of our Services, in the Performing Services for Our Clients section.
Note that whenever processing Personal Information, FTI Consulting implements appropriate technical and organizational measures to ensure its ongoing security, integrity, and confidentiality. For further information about our information security processes, please refer to Information Security.
The Categories of Sources from Which We Collect Personal Information
For information on the categories of sources from which FTI collects your information, see the section What are FTI sources for Personal Information collection.
What is our legal basis for collecting Personal Information?
When processing your Personal Information, we will rely on the legal bases highlighted above in the section What is our legal basis for collecting Personal Information?.
Note that legitimate interest is not generally recognized as a legal basis for data processing activities in many countries within the Asia-Pacific (APAC) region. Therefore, where legitimate interest is noted as FTI’s legal basis for processing activities listed above, an alternative legal basis has been relied upon.
Retention of your Personal Information
For information about the retention of your Personal Information, refer to Retention of your Personal Information above.
International hosting and transfer of information
As a global organization FTI may transfer Personal Information internationally to FTI Consulting offices, personnel, or third parties located throughout the world.
For information about FTI’s data transferring practices, refer to International Hosting and Transfer of Information.
Registration
Where required, FTI is registered with local regulators/authorities to ensure that data processing complies with applicable data protection laws.
Links
FTI Consulting websites may contain links to other sites, including websites maintained by FTI Consulting affiliates that are governed by other privacy policies/notices that may differ somewhat from this one. Users should review the privacy policy/notice of each website visited before disclosing any Personal Information. To the extent that FTI Consulting provides links to third party websites, such links do not constitute an endorsement, sponsorship, or recommendation by FTI Consulting of the third parties, the third-party websites, or the information contained on those websites, and FTI Consulting is not responsible or liable for your use of such third party websites. Where appropriate you should review the privacy polices/notices of any websites or applications before submitting Personal Information.
Contact Details
If you have questions or concerns regarding this Global Privacy Notice or FTI Consulting’s Personal Information processing policies, please contact FTI Consulting at:
Via email (for residents of any country): dpo@fticonsulting.com
Via post: Data Protection Officer, c/o the Legal department, FTI Consulting, Inc., 200 Aldersgate St, Barbican, London EC1A 4HD, United Kingdom
If you are an EEA data subject, FTI Consulting’s appointed EU Representative and contact point under EU GDPR is FTI Consulting Management Solutions Limited. If you are a UK data subject, FTI Consulting’s appointed UK Representative and contact point under UK GDPR is FTI Consulting LLP.
Where you are not satisfied with FTI’s approach to handling any data protection matters following escalation to dpo@fticonsulting.com then you can contact your applicable data protection regulator. A list of some applicable country/state regulators and contact details are provided below:
EMEA
| Region | Regulatory Authority |
|---|---|
| Belgium | Autorité de la protection des données / Gegevensbeschermingsautoriteit Telephone no.: +32 2 274 48 00 Email address: contact@apd-gba.be Postal address: Rue de la Presse 35 – Drukpersstraat 35, 1000 Bruxelles Webpage: apd-gba.be |
| Denmark | Datatilsynet Telephone no.: +45 33 19 32 00 Email address: dt@datatilsynet.dk Postal address: Carl Jacobsens Vej 35, 2500 Valby Webpage: datatilsynet.dk |
| Finland | Office of the Data Protection Ombudsman Telephone no.: +358 29 566 6700 Email address: tietosuoja@om.fi Postal address: Lintulahdenkuja 4, 00530 Helsinki Webpage: tietosuoja.fi |
| France | Commission Nationale de l'Informatique et des Libertés (CNIL) Telephone no.: +33 1 53 73 22 22 Postal address: 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07 Webpage: cnil.fr |
| Germany | Baden-Württemberg: Landesbeauftragte für Datenschutz und Informationsfreiheit Telephone no.: +49 711 6155 410 Email address: poststelle@lfdi.bwl.de Webpage: https://www.baden-wuerttemberg.datenschutz.de/ Bavaria (Bayern): Bayerischer Landesbeauftragter für den Datenschutz |
| Ireland | Data Protection Commission Telephone no.: +353 1 7650100 Email address: info@dataprotection.ie Postal address: 21 Fitzwilliam Square, D02 RD28 Dublin 2 Webpage: dataprotection.ie |
| Spain | Agencia Española de Protección de Datos (AEPD) Telephone no.: +34 901 100 099 Email address: contacto@aepd.es Postal address: Calle Jorge Juan, 6, 28001 Madrid, Spain Webpage: www.aepd.es |
| Sweden | Integritetsskyddsmyndigheten (IMY) Telephone no.: +46 (0)8 657 61 00 Email address: imy@imy.se Postal address: Fleminggatan 14, 7th Floor, Stockholm, Sweden Webpage: www.imy.se |
| Switzerland | Federal Data Protection and Information Commissioner (FDPIC) Telephone no.: +41 (0)58 462 43 95 Email address: info@edoeb.admin.ch Postal address: Feldeggweg 1, CH-3003 Bern, Switzerland Webpage: www.edoeb.admin.ch |
| United Kingdom | Information Commissioner’s Office (ICO) Telephone no.: +44 303 123 1113 Email address: casework@ico.org.uk Postal address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom Webpage: www.ico.org.uk |
Middle East
| Region | Regulatory Authority |
|---|---|
| Dubai International Financial Centre (DIFC, UAE) | DIFC Commissioner of Data Protection Telephone no.: +971 4 362 2222 Email address: commissioner@dp.difc.ae Postal address: P.O. Box 74777, Dubai, United Arab Emirates Webpage: https://www.difc.com/business/registrars-and-commissioners/commissioner-of-data-protection |
| Abu Dhabi Global Market (ADGM, UAE) | ADGM Office of Data Protection Telephone no.: +971 2 333 8888 Email address: Data.Protection@adgm.com Postal address: P.O. Box 111999, Abu Dhabi, United Arab Emirates Webpage: https://www.adgm.com/operating-in-adgm/office-of-data-protection |
| United Arab Emirates (mainland) | UAE Data Office Telephone no.: Email address: info@ai.gov.ae Postal address: Emirates Towers, Dubai, UAE Webpage: https://ai.gov.ae/personal-data-protection-law/ |
| Qatar Financial Centre (QFC, Qatar) | QFC Data Protection Office Telephone no.: +974 4 496 7777 Email address: dataprotection@qfc.qa Postal address: QFC Tower 1, Opposite to City Centre Mall, West Bay, Doha, Qatar (PO Box 23245) Webpage: https://www.qfc.qa/en/operating-with-qfc/data-protection |
| Kingdom of Saudi Arabia | Saudi Data & AI Authority Telephone no.: 8001221111 Email address: Suggestions@sdaia.gov.sa Postal address: Building Code 1003-B001, Digital City, Riyadh, 12382, Kingdom of Saudi Arabia Webpage: https://www.sdaia.gov.sa |
Africa
| Region | Regulatory Authority |
|---|---|
| South Africa | Information Regulator Telephone no.: +27 (0)10 023 5200 Email address: inforeg@justice.gov.za Postal address: P.O Box 31533, Braamfontein, Johannesburg, 2017 South Africa Webpage: https://www.inforegulator.org.za |
APAC
| Region | Regulatory Authority |
|---|---|
| Australia | Office of the Australian Information Commissioner (OAIC) Telephone no.: 1300 363 992 (within Australia) / +61 2 9942 4099 (international) Email address: enquiries@oaic.gov.au Postal address: GPO Box 5288, Sydney NSW 2001, Australia Webpage: oaic.gov.au |
| China | Cyberspace Administration of China (CAC) Telephone no.: +86 10 6601 8888 Email address: contact@cac.gov.cn Postal address: No. 5, Chaoyangmen Beidajie, Chaoyang District, Beijing, China Webpage: cac.gov.cn |
| Hong Kong | Office of the Privacy Commissioner for Personal Data (PCPD) Telephone no.: +852 2827 2827 Email address: enquiry@pcpd.org.hk Postal address: 12/F, 248 Queen’s Road East, Wan Chai, Hong Kong Webpage: pcpd.org.hk |
| India | Data Protection Authority of India (DPAI) Telephone no.: +91 11 2436 0000 Email address: contact@dpai.gov.in Webpage: dpai.gov.in |
| Indonesia | Ministry of Communication and Information Technology (Kominfo) Telephone no.: +62 21 384 7886 Email address: contact@kominfo.go.id Postal address: Jl. Medan Merdeka Barat No. 9, Jakarta 10110, Indonesia Webpage: kominfo.go.id |
| Japan | Personal Information Protection Commission (PPC) Telephone no.: +81 3-6457-9849 Email address: contact@ppc.go.jp Postal address: 1-1-1 Kasumigaseki, Chiyoda-ku, Tokyo 100-8977, Japan Webpage: ppc.go.jp |
| South Korea | Personal Information Protection Commission (PIPC) Telephone no.: +603 2173 7436 / 2265 6565 Email address: info@pidm.gov.my Postal address: 13th Floor, Government Complex-Gwacheon, 47 Gwanmun-ro, Gwacheon-si, Gyeonggi-do, Korea Webpage: pipc.go.kr |
| Singapore | Personal Data Protection Commission (PDPC) Telephone no.: +65 6377 3131 Email address: contact@pdpc.gov.sg Postal address: 10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438 Webpage: pdpc.gov.sg |
Americas
Canada
| Region | Regulatory Authority |
|---|---|
| Alberta | Alberta – Office of the Information and Privacy Commissioner (OIPC) Edmonton Office: Telephone no.: (780) 422-6860 Postal Address: #410, 9925 – 109 Street NW, Edmonton, AB T5K 2J8 Calgary Office: Telephone no.: (403) 297-2728 Address: Suite 2460, 801 6 Avenue SW, Calgary, AB T2P 3W2 Email address: oipc@oipc.ab.ca Webpage: https://oipc.ab.ca |
| British Colombia | Office of the Information and Privacy Commissioner (OIPC) Telephone no.: (250) 387-5629 Toll-Free: Call Service BC at (800) 663-7867 and request transfer to (250) 387-5629 Email address: info@oipc.bc.ca Postal address: PO Box: 9038 Stn. Prov. Govt., Victoria, BC V8W 9A4 Physical Address: 4th Floor, 947 Fort Street, Victoria, BC V8V 3K3 Webpage: https://www.oipc.bc.ca |
| Ontario | Information and Privacy Commissioner (IPC) Telephone no.: Toronto Area: (416) 326-3333 Toll-Free: 1-800-387-0073 TDD/TTY: (416) 325-7539 Email address: ipc@ipc.on.ca Postal address: 2 Bloor Street East, Suite 1400, Toronto, ON M4W 1A8 Webpage: https://www.ipc.on.ca |
| Quebec | Data Protection Authority of India (DPAI) Quebec Office: Address: 525, boulevard René-Lévesque Est, bureau 2.36, Québec (Québec) G1R 5S9 Phone: 418 528-7741 Montreal Office: Address: 2045, rue Stanley, bureau 900, Montréal (Québec) H3A 2V4 Phone: 514 873-4196 Telephone no.: 1 888 528-7741 Email address: General Inquiries: renseignements@cai.gouv.qc.ca Administrative Tribunal: cai.communications@cai.gouv.qc.ca Webpage: https://www.cai.gouv.qc.ca |
Latin America
| Region | Regulatory Authority |
|---|---|
| Argentina | Access to Public Information Agency (Agencia de Acceso a la Información Pública, AAIP) Postal address: Julio Argentino Roca 710, 2nd floor, Buenos Aires, Argentina Webpage: https://www.argentina.gob.ar/aaip |
| Brazil | National Data Protection Authority (Autoridade Nacional de Proteção de Dados, ANPD) Webpage: https://www.gov.br/anpd/pt-br |
| Colombia | Superintendence of Industry and Commerce (Superintendencia de Industria y Comercio, SIC) Webpage: https://www.sic.gov.co/content/data-protection-0 |
| Mexico | Ministry of Anticorruption and Good Governance (Secretaría de la Función Pública) Webpage: https://www.gob.mx/sfp |
Caribbean
| Region | Regulatory Authority |
|---|---|
| Cayman Islands | Office of the Ombudsman Telephone no.: +1 (345) 946-6283 Email address: info@ombudsman.ky Postal address: 5th Floor, Anderson Square, 64 Shedden Road, George Town, Grand Cayman, PO Box 2252, Grand Cayman KY1-1107, Cayman Islands Webpage: https://ombudsman.ky/ |
POLICY ON EU-US DATA PRIVACY FRAMEWORK (DPF), UK EXTENSION TO THE EU-US DPF, AND SWISS-US DPF**
EU-US DPF, UK Extension to the EU-US DPF, and Swiss-US DPF
FTI Consulting complies with the EU-U.S. DPF-, the UK Extension to the EU-US DPF, and the Swiss- US DPF (collectively the “DPF”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the member countries of the European Union (EU), the European Economic Area (EEA), the UK, and Switzerland to the United States (“Personal Information”). FTI Consulting has certified to the Department of Commerce that it adheres to the DPF Principles. If there is any conflict between the terms in this policy and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF program, and to view FTI Consulting’s certifications, please visit www.dataprivacyframework.gov/s/.
FTI Consulting’s participation in the DPF applies to Personal Information received from the EU/EEA, the UK, and Switzerland. Practically, this means our clients in the EU, UK and Switzerland can share Personal Information with FTI entities established outside of the EU, UK and Switzerland without additional safeguards such as standard contractual clauses being required for such international transfers. FTI Consulting will comply with the DPF Principles in respect of such Personal Information. Some types of Personal Information may be subject to additional privacy-related requirements and policies, which are consistent with the DPF Principles. For example:
- Personal Information regarding and/or received from clients is also subject to any specific agreement with, or notice to, the client, as well as additional applicable laws and professional standards.
- Personal Information regarding FTI Consulting personnel is subject to internal human resource policies.
- Personal Information received via FTI Consulting’s websites is subject to the Global Privacy Policies.
Types of Personal Information Collected and Purpose for Collection
Personal Information from Client Engagements: FTI Consulting provides professional consulting services to its clients. FTI Consulting’s clients may send Personal Information to it for processing on their behalf as part of the consulting services they have purchased. For example, FTI Consulting may receive Personal Information such as name, email address, employment information, or financial data. FTI Consulting uses any such Personal Information to perform services for its clients and to administer and manage its relationships with its clients.
In the event that a client engagement involves a transfer of Personal Information from the EU, UK and/or Switzerland to the United States, the relevant clients are responsible for providing appropriate notice, where required, to the individuals whose Personal Information may be transferred to FTI Consulting, including providing individuals with certain choices with respect to the use or disclosure of their Personal Information, and obtaining any requisite consent. FTI Consulting handles such Personal Information in accordance with its clients’ instructions.
Personal Information from FTI Consulting Website Use: FTI Consulting may collect Personal Information when you choose to access and use FTI Consulting’s websites. Please see the Website Privacy Policy for more information regarding the types of Personal Information collected and the purposes of collection.
Personal Information Regarding FTI Technology’s Customer Portal: FTI Technology may collect Personal Information when you log in and access the FTI Technology Customer Portal. The Personal Information may include business or company email address, name on invoice, and IP address. FTI Technology uses this Personal Information to provide access to its solutions, perform services for its clients, and manage its relationships with clients.
Personal Information Regarding FTI Consulting Employees: FTI Consulting may transfer Personal Information regarding FTI Consulting personnel. This Personal Information may include, without limitation, business contact information, employee ID, job role and reporting line, demographic information, work history, compensation and performance ratings. FTI Consulting uses such information to administer and manage its business.
Choice and Accountability for Onward Transfer
FTI Consulting will not transfer, disclose, sell, distribute, or lease your Personal Information including any sensitive information to third parties other than as described in this Privacy Policy unless it has your permission or is required or permitted by law (including to meet national security or law enforcement requirements). FTI Consulting may share such information with its affiliates as necessary to carry out the purposes for which the information was supplied, collected, or received. Similarly, third party contractors, consultants and/or vendors engaged by FTI Consulting to assist it in providing its services may have access to such Personal Information (these third parties must first agree to maintain the strict confidentiality of such information and provide the same level of data security as provided by FTI Consulting). FTI Consulting remains responsible and liable under the DPF Principles if third party agents that it engages to process the Personal Information on its behalf do so in a manner inconsistent with the Principles. FTI Consulting ensures individuals can exercise choices in relation to how their Personal Information is used and provides opt out mechanisms where applicable.
Information Security and Data Integrity
FTI Consulting has reasonable security policies and procedures in place to protect Personal Information from unauthorized loss, misuse, alteration, or destruction. Despite FTI Consulting's best efforts, however, security cannot be absolutely guaranteed against all threats. To the best of FTI Consulting’s ability, access to your Personal Information is limited to those who have a need to know.
Access
If FTI Consulting holds your Personal Information, you have various rights in relation to your Personal Information as per applicable law and professional standards. To exercise rights that include but are not limited to access, to correct any inaccuracies or delete your data, then you can contact us at dpo@fticonsulting.com, and FTI Consulting will make all reasonable and practical efforts to comply with your request. Further details about applicable rights are included in our Global Privacy Notice.
Recourse, Enforcement and Liability
FTI Consulting commits to resolve complaints about your privacy and its collection or use of your Personal Information in compliance with the EU-US DPF, the UK Extension to the EU-US DPF, and the Swiss-US DPF Principles. Please contact FTI Consulting at:dpo@fticonsulting.com should you have a DPF-related (or general privacy-related) complaint.
If you are a resident of the EU/EEA or UK, and you have a complaint related to this Policy that cannot be resolved with FTI Consulting directly, you may report your claim to the Data Protection Authorities located in your jurisdiction. If you are a resident of Switzerland, and you have a complaint related to this Policy that cannot be resolved with FTI Consulting directly, you alternatively may report your claim to the Swiss Data Protection Authority (Federal Data Protection and Information Commissioner). As further explained in the DPF Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, FTI Consulting commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (“DPAs”) and the UK Information Commissioner’s Office (“ICO”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of Personal Information received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF. To access the applicable authority details, see the Contact Details section which lists the applicable EMEA authorities.
FTI Consulting is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (“FTC”).
Changes to this Policy
FTI Consulting reserves the right to make changes to this Policy on EU-US Data Privacy Framework (DPF), UK Extension to the EU-US DPF, and Swiss-US DPF from time to time. FTI Consulting will do so by posting amendments on this website.
Changes to this Policy
By using FTI Consulting websites you acknowledge the collection, use and storage of Personal Information as described in this Global Privacy Notice and elsewhere on the websites. FTI Consulting reserves the right to make changes to this public facing Global Privacy Notice from time to time. FTI Consulting will do so by posting amendments to the Global Privacy Notice on this website.
Definitions
Aggregated Information: Refers to information about a group of individuals from which the individually identifiable information has been removed. An example of Aggregated Information would be the statistic that 20 people used our website’s contact form on a given day.
Artificial Intelligence (AI): A set of technologies that enable computers to perform a variety of advanced functions, including the ability to see, understand and translate spoken and written language, analyze data, make recommendations, and more.
Controller (Or its equivalent under various privacy laws, such as a Personal Information Processor under Chinese law, Data Fiduciary under Indian law, or APP Entity under Australian law): A data controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Information.
Data Protection Impact Assessment (DPIA): An assessment of the impact of any planned processing operations on the protection of personal information.
Deidentified Information: Means information subjected to reasonable measures to ensure that the deidentified information cannot be associated with the individual. An example of Deidentified Information would be the data point that an unidentified visitor first entered the website through our main web page.
EU-US DPF: A transatlantic data transfer agreement established between the European Union (EU) and the United States (U.S.) to facilitate the lawful transfer of Personal Information from the EU to the U.S., in compliance with the EU’s General Data Protection Regulation (GDPR).
Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household. Examples include full name, email address, mailing address, phone number, IP address, device identifiers, browsing history, and more.
Processing: Any handling of Personal Information including but not limited to collection, use, copying, storage, organizing, retrieval, read-only access, and erasure.
Processor: (Or its equivalent under various privacy laws, such as an Entrusted Party under Chinese law, Data Intermediary under Singaporean law, or Service Provider under certain U.S. state laws): A data processor is a natural or legal person, public authority, agency, or other body which processes personal information on behalf of the data controller.
Sell, sale, or sold: Selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or other means, your Personal Information to a third party for money or other valuable consideration.
Sensitive Personal Information: A subcategory of Personal Information that requires additional protection. Examples include social security number, driver’s license number, state identification card, passport number, account log-in and password, financial account and password, debit or credit card number and access code, precise geolocation information, race, ethnic origin, religious or philosophical beliefs, union membership, and more.
Standard Contractual Clauses ‘SCCs’: Pre-approved legal instruments used to regulate the cross-border transfer of Personal Information, ensuring that it remains protected in line with the privacy standards of the originating jurisdiction.
Swiss-US DPF Scheme: A transatlantic data transfer mechanism that enables lawful transfers of Personal Information from Switzerland to the United States, in accordance with Swiss data protection laws, particularly the Swiss Federal Act on Data Protection (FADP).
Transfer: An intentional sending of Personal Information to another party or making data accessible, where neither sender nor recipient is a data subject.
Transfer Impact/Risk Assessments: An assessment of the impact of transferring Personal Information outside of its country of origin.
UK Extension to the EU-US DPF: An extension of the EU-U.S. DPF that ensures that UK Personal Information transferred to the U.S. benefits from adequate protections comparable to those under UK law.
Questions and Comments
If you have questions or concerns regarding this policy or FTI Consulting’s Personal Information processing policies, please contact FTI Consulting at: dpo@fticonsulting.com.
**This policy covers FTI Consulting, Inc. and its subsidiaries including: Compass Lexecon LLC; FTI Capital Advisors, LLC; FTI Consulting (Government Affairs) Inc.; FTI Consulting (SC) Inc.; FTI Consulting Acuity LLC; FTI Consulting Platt Sparks LLC; FTI Consulting Realty, Inc.; FTI Consulting Technology LLC; FTI Consulting Technology Software Corp.; FTI Hosting LLC; FTI International LLC; FTI LLC; Sports Analytics LLC.