RSM US Privacy Policy

Effective Date July 2015 (last updated December 22, 2022)

  1. Introduction
  2. Personal Information Collected
  3. Cookies and Other Tracking Technologies
  4. How We Use and Disclose Personal Information
  5. Other Online Services
  6. Your Choices
  7. Data Retention
  8. Security
  9. Additional Information for California Residents
  10. Additional Information for Those Located Outside of the United States
  11. Updates to Privacy Policy
  12. Contacting Us

1.  INTRODUCTION

This Privacy Policy provides notice of the information collection and use practices of RSM US LLP, and its affiliates (together, “RSM,” “us,” “our,” or “we”). This Privacy Policy applies to our processing of your personal information including through www.rsmus.com (the “Website”), through offline means such as at RSM events, or through the provision of our services requested by you or by our clients, such as professional, tax, or auditing services (the “Services”). This Privacy Policy does not apply to other online services that we make available but do not link to this Privacy Policy. We may provide you additional privacy notices at the point of collection of your personal information on the Website, including particular subdomains of rsmus.com, such as the Website’s career portal.

For information on information processed by tracking technologies (e.g., cookies) on the Website, see our Cookie Policy.

If you are a California resident, please see section 9 below, which sets forth additional information and rights you may have under California law.

Return to top

2.  PERSONAL INFORMATION COLLECTED

Personal information generally means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly with you. Personal information does not include information that is publicly available, de-identified, or aggregated.

We may obtain your personal information from the following sources:

  • Directly from you. Such as when you register or maintain a Website account with us, sign up to receive e-newsletters, register for events, or fill out online forms.
  • Our clients. Clients of our Services may provide us personal information about you. For example, our clients may provide personal information related to their employees, customers, or suppliers. Personal information may be in the form of, or included in, documentation provided to us to perform our Services.
  • Our vendors. Our vendors may provide us information related to you in the process of providing us their services. For example, vendors may disclose to us your dietary preferences to accommodate in-person events.
  • Tracking technologies. Such as when you visit the Website, which may have first party and third-party technology integrations (e.g., cookies) that help facilitate and personalize your visit to the Website or to other online services. For more information see our Cookie Policy.
  • External sources. Such as data resellers, government publicly available records, from your employer, and from referrals or business professionals in your network. This does not include our vendors.

Personal information we process about you may differ based on how you interact with us, but may include:

  • Identifiers. This includes names, contact information, addresses, Internet Protocol addresses, or other similar identifiers.
  • Personal Records. This includes your signature, telephone number, education, and employment.
  • Commercial information. This includes records of personal property, services purchased, obtained, or considered purchasing.
  • Characteristics of protected classifications. This includes age, gender, nationality or citizenship, and race or ethnic origin.
  • Internet or Other Electronic Network Activity. This includes Internet Protocol address, device identifiers, mobile network, operating system details, language preferences, referring URLs, length of visits, traffic data, pages viewed, and information regarding interactions with the Website.
  • Geolocation Data. This includes global latitude and longitude of your location.
  • Audio, electronic, visual, or similar information. This includes audio recordings of customer services calls or video recordings of online webinars.
  • Professional or Employment-Related Information. This includes your job title, employer, and other professional background information.
  • Account and Profile Information.  If you register an account, you may provide information such as your name, age, date of birth, gender, address, email address, telephone number, and username/password.
  • Payment Information.  You may provide certain payment information, such as credit card, debit card, account number or other payment method information, as well as billing address information.
  • Information Necessary to Perform Our Services.  This includes any information we obtain from the sources listed above in relation to providing our Services such as payment-related information, information on financial conditions, such as bank account information and other benefits, insurance data and the license plate number of a company car, information on insurances and occupational pensions, tax information and documentation, such as tax equalization and tax return files, compensation data, travel information, birth certificates, marriage licenses, degrees, working and living arrangements, immigration data, work permits, payroll information, and health information, such as treatment history and absence data such as medical certificate and information on sick leave, leave of absence, or parental leave.
  • Background Check Information. We may run background checks in relation to our Services before, during or after provision of such Services. Information involved may include reputational and financial checks, conflicts, anti-money laundering, government sanctions checks, and politically exposed persons checks.
  • Legal Records and Documentation. We may process information related to your legal records for our protection, protection of our clients and others, as well as to perform our Services. Legal records may include court records, information on pending or completed litigation or other legal actions, and active disputes.
  • External Service Information.  We may obtain information about you from external services, such as where you choose to use a Website feature provided by an external party. We may also supplement certain information that we collect from you with outside records. External parties may provide us with information about you in connection with a co-marketing agreement or in connection with a tracking technology.
  • Inferences. We may process inferences drawn from any other personal information we process to create a profile about you reflecting your preferences, intelligence, abilities, and aptitudes.

Return to top

3.  COOKIES AND OTHER TRACKING TECHNOLOGIES

In addition to any personal information or other information that you choose to submit through the Website or offline, we and our vendors may use a variety of tracking technologies, including cookies, that collect certain information whenever you interact with the Website, such as device identifier, your IP address, location, other unique identifiers, all of the areas within the Website that you visit, and the length and time of the visit.

We may combine certain automatically-collected information with other information we obtain about you, which may include data we obtain from external parties.

You can set your browser to refuse cookies from the Website, but if you do so, you may not be able to access or use portions of the Website, or certain offerings on the Website may not function as intended or as well. 

For information on information processed by tracking technologies (e.g., cookies) on the Website, see our Cookie Policy.

Return to top

4.  HOW WE USE AND DISCLOSE PERSONAL INFORMATION

We collect, use, and disclose to service providers personal information, as described above, for the following purposes. Unless otherwise noted, the description below covers our activities in the twelve months preceding the Effective Date, as well as our current practices.

Category of Personal information

 

Sources of and Purposes for Collection and Use

 

Purposes for Disclosure to Service Providers

 

Identifiers

 

Sources:

Directly from you

Our clients

Our vendors

Tracking technologies

External sources

Purposes:

To provide you with access to the Website features

To enable external party features

To perform necessary and appropriate internal functions, such as records maintenance and developing or improving the Website

To communicate with you

To respond to your requests for technical support, online services, or to any other communication you initiate

To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations

Helping to ensure security and integrity

Debugging to identify and repair errors in functionality

Short-term, transient use

Performing services needed to operate our business

Internal research for technological development and demonstration

Undertaking activities to verify or maintain the quality or safety of our systems and services, and to improve, upgrade, or enhance our systems and Website

Personal Records

 

 

Sources:

Directly from you

Our clients

Our vendors

External sources

Purposes:

To perform necessary and appropriate internal functions, such as records maintenance

To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations

Performing services needed to operate our business

Commercial Information

Sources:

Directly from you

Our clients

Our vendors

Purposes:

To perform necessary and appropriate internal functions, such as records maintenance or administration of services

Performing services needed to operate our business

 

Characteristics of Protected Classifications

 

Sources:

Directly from you

Our clients

Our vendors

External sources

Purposes:

To perform necessary and appropriate internal functions, such as records maintenance or administration of services

Performing services needed to operate our business

Internet or Other Electronic Network Activity

 

Sources:

Tracking technologies

Purposes:

To provide you with access to the Website features

To enable external party features

To perform necessary and appropriate internal functions, such as developing or improving the Website

To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations

Helping to ensure security and integrity

Debugging to identify and repair errors in functionality

Short-term, transient use

Performing services needed to operate our business

Internal research for technological development and demonstration

Undertaking activities to verify or maintain the quality or safety of our systems and services, and to improve, upgrade, or enhance our systems and Website

Geolocation

Sources:

Tracking technologies

Purposes:

To provide you with access to the Website features

To enable external party features

To perform necessary and appropriate internal functions, such as developing or improving the Website

To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations

Helping to ensure security and integrity

Debugging to identify and repair errors in functionality

Short-term, transient use

Performing services needed to operate our business

Internal research for technological development and demonstration

Undertaking activities to verify or maintain the quality or safety of our systems and services, and to improve, upgrade, or enhance our systems and Website

 

Audio, electronic, visual, thermal, or similar information

 

Sources:

Directly from you

Our clients

Our vendors

External sources

Purposes:

To perform necessary and appropriate internal functions, such as records maintenance

To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations

To comply with health and safety obligations

Helping to ensure security and integrity

Performing services needed to operate our business

Undertaking activities to verify or maintain the quality or safety of our systems and premises, and to improve, upgrade, or enhance our systems and Website

Professional or Employment-Related Information

 

Sources:

Directly from you

Our clients

Our vendors

External sources

Purposes:

To perform necessary and appropriate internal functions, such as records maintenance

To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations

Performing services needed to operate our business

Inferences drawn from any of the information identified in this section to create a profile about you reflecting your preferences, intelligence, abilities, and aptitudes

 

 

Sources:

Directly from you

Our clients

Our vendors

External sources

Tracking technologies

Purposes:

To perform necessary and appropriate internal functions, such as records maintenance and developing or improving the Website

Performing services needed to operate our business

 

In addition, we may collect and disclose Account and Profile Information, Payment Information, Information Necessary to Perform Our Services, Background Check Information, Legal Records and Documentation, and External Service Information for the following purposes:

  • Provide Services. To provide our Services, including creating and activating accounts, facilitate and managing purchases, processing payments, processing transactions, and servicing accounts.
  • Research and Development. We may develop new features, create new products or improve existing ones, including using personal information for internal purposes related to certain research. This may include when you participate in surveys or research activities.
  • Advertising. We may personalize your experience with us by conducting advertising, such as contextual, targeted, or behavioral advertising. For example, this allows us to recommend products you might like or find useful.
  • Marketing Messages. To communicate with you about products or services you have purchased or used; provide you with promotional messages and personalized advertising; to notify you of other products; to notify you of contests, challenges, sweepstakes, and other promotions; to notify you of services we think may be of interest to you; and, for other marketing purposes.
  • Customer Service. To respond to your requests for technical support, online services, product information or to any other communication you initiate, including requests, inquiries, and complaints.

Co-Branded Services. From time to time we may enter into an arrangement with another company that is not owned by or affiliated with us to provide additional features on the Website. These arrangements may include business partners, sponsors, and co-branded online services (referred to here as “co-branded services”). Any information, including personal information, that you provide on one of these co-branded services may be shared with these partners. By participating in activities or providing your information on these co-branded services, you consent to our providing your information to those partners. Separate privacy policies may apply to these partners’ uses of your personal information.

Business Transactions. In the event of a business transaction, we may disclose personal information to prospective or actual purchasers, investors, or successor entities in connection with a contemplated reorganization or an actual reorganization of our business, in connection with financing, a sale, or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction, pursuant to assurances of sufficient data handling practices and safeguards.

Legal Compliance and Safety. We may also disclose personal information for legal compliance, law enforcement, and public safety purposes. For example, to law enforcement, government or regulatory bodies, lawful authorities, or other authorized third parties in order to comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation, to protect and defend our rights and property, or the rights or safety of third parties, to enforce our Terms of Use, this Privacy Policy, or agreements with third parties, or for crime-prevention purposes.

We may combine your personal information with data we obtain from our services, other users, or third parties. We reserve the right to convert, or permit others to convert, your personal information into deidentified, anonymized, or aggregated data, as permitted by law.

Return to top

5.  OTHER ONLINE SERVICES

The Website may contain links to, or features facilitated by, other online services. For example, you may be able to share content from the Website to your social media profile on an external online service. This Privacy Policy does not apply to the practices of companies or other entities that we do not own or control. We provide these external links merely for your convenience and we have no control over, do not review, and are not responsible for external online services.

Return to top

6.  YOUR CHOICES

If you have a registered account, you may be able to change your preferences as well as update your personal information through your account settings.

If you receive marketing emails from us, you may opt out through the instructions provided in the email. Please note that regardless of your email preferences, we may send you notifications pertaining to the performance of our services, such as revision of our Terms of Use or this Privacy Policy or other formal communications relating to products or services you have purchased or use.

If you receive marketing texts from us, you may opt out by texting “STOP” to the number contacting you.

Return to top

7.  DATA RETENTION

We keep the categories of personal information described above for as long as is necessary for the purposes described in this Notice or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. This generally means holding the information for as long as one of the following apply:

  • Your personal information is reasonably necessary to manage our operations, to manage your relationship with us, or to satisfy another purpose for which we collected the information;
  • Your personal information is reasonably necessary to carry out a disclosed purpose that is reasonably compatible with the context in which the personal information was collected;
  • Your personal information is reasonably required to protect or defend our rights or property (which will generally relate to applicable laws that limit actions in a particular case); or
  • We are otherwise required or permitted to keep your personal information by applicable laws or regulations.

To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal information from our systems and records. 

Where your personal information is used for more than one purpose, we will retain it until the purpose with the latest period expires.

Return to top

8.  SECURITY

We implement appropriate administrative, technical, physical, and organizational safeguards to protect against unauthorized or unlawful processing of personal information and against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal information. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of personal information. RSM limits access to internal systems that hold personal information to individuals who need access for a legitimate business purpose.

Return to top

9.  ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

This section provides additional information on our processing of personal information related to California residents.

Sensitive Data. In addition to personal information described in Section 2: Personal information Collected, we also collect, use, and disclose to service providers certain personal information that is considered sensitive under California law, as further described below:

Category of Sensitive Personal information

Categories of Sources and Purposes for Collection

Purposes for Disclosure to Service Providers

Information that reveals social security, driver’s license, state identification card, or passport number

Sources:

Directly from you

Our clients

Our vendors

Purposes:

To perform necessary and appropriate internal functions, such as records maintenance or administration of services

Performing services needed to operate our business, including maintaining or servicing accounts, providing customer service, processing requests, verifying information, and other similar services

Undertaking activities to verify or maintain the quality or safety of our systems and services

 

Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account

Sources:

Directly from you

Purposes:

To provide you with access to the Website features

To enable external party features

To perform necessary and appropriate internal functions, such as developing or improving the Website

To prevent and detect fraud, verify identity, comply with a legal obligation, defend legal claims, assist with legal processes such as investigations, regulatory requests, litigation, and arbitration, and as required by applicable law, court order, or governmental regulations

Performing services needed to operate our business, including maintaining or servicing accounts, providing customer service, processing requests, verifying information, and other similar services

Undertaking activities to verify or maintain the quality or safety of our systems and services, and to improve, upgrade, or enhance our systems and services

 

Personal information that reveals racial or ethnic origin, religious or philosophical beliefs, or union membership

Sources:

Directly from you

Our clients

Our vendors

External sources

Purposes:

For business improvement, management, and planning

Short-term, transient use

Performing services needed to operate our business

Personal information collected and analyzed concerning a consumer’s health

 

Sources:

Directly from you

Our clients

Purposes:

To perform necessary and appropriate internal functions, such as records maintenance or administration of services

Performing services needed to operate our business

Personal information collected and analyzed concerning a consumer’s sex life or sexual orientation

Sources:

Directly from you

Purposes:

To perform necessary and appropriate internal functions, such as records maintenance or administration of services

Performing services needed to operate our business

 

Selling and Sharing of Personal information. In accordance with the definition of “sell” and “share” under California law, we do not “sell” or “share” personal information outside of the context of using tracking technology vendors.  We may disclose personal information to vendors that facilitate interest-based advertising and other advertising and marketing through cookies or other tracking technologies through the Website. For more information on tracking technologies and your choices of controlling such, see our Cookie Policy and your additional rights to opt-out of this “sell” and “share” below.

California Resident Privacy Rights. If you are a California resident, you have certain rights to the personal information that we have collected about you and you may exercise those rights independently or through an authorized agent. We will comply with your request as soon as reasonably practicable. Requests to exercise your rights may be granted in whole, in part, or not at all, depending on the scope and nature of the request and applicable law. To prevent unauthorized requests related to your personal information, we take steps to verify that you are the person that is the subject of the request. Following verification of your identity, we will notify you if we are able to fulfill your request and if we are unable to fulfill your request, we will outline the reasons we are unable to honor your request at this time.

You may exercise some of these rights and choices through the Website features, such as editing your account settings or profile details when you are logged in. You may also exercise your rights to your personal information by submitting your requests via our Privacy Rights Portal, by toll-free calling 1-800-274-3978, or by email to dataprivacyoffice@rsmus.com.

Right to Know: You have the right to know about your personal information. You also have the right to obtain a transportable copy of your personal information. Your right to know request may be made no more than twice in a 12-month period.

Your right to know request may encapsulate the following:

  • The categories of personal information we have collected about you
  • The categories of sources from which the personal information was collected
  • Our business or commercial purposes for collecting, selling, or sharing your personal information
  • The categories of third parties to which we disclosed your personal information
  • The categories of personal information we sold or shared about you and the categories of third parties to which each category of personal information was sold or shared
  • The categories of personal information we disclosed about you for a business purpose and the categories of persons to which it was disclosed
  • The specific pieces of personal information we have collected about you

Right to Correct Personal information: You may request that we correct personal information that we maintain about you if you believe such personal information is inaccurate. Upon receipt of a verifiable request to correct inaccurate personal information, we will use commercially reasonable efforts to correct the information as you direct.

Right to Request Deletion of Personal information: You may request that we delete your personal information that we have collected directly from you and are currently maintaining. Please note, however, that we may have a legal basis for retaining such personal information under the California law, despite your request.

Opt-Out Rights: In accordance with the definition of “sell” and “share” under California law, we do not “sell” or “share” personal information outside of the context of using tracking technology vendors.

For more information on tracking technologies and your choices of controlling such, see our Cookie Policy.

You have the right to opt out of the selling or sharing of your personal information via tracking technologies (e.g., cookies) on the Website by using our cookie preference center. If you choose to use an opt-out browser signal, such as the Global Privacy Control, you will be opted out of cookie-based sales and shares. Please note that visiting our Website with an opt-out browser signal enabled will have the effect of opting you out of sales and sharing with respect to our Website. You will need to turn on the signal for each browser that you use. To submit a request to opt out of other types of sales and sharing, please use our webform.

Right to Limit Use and Disclosure of Your Sensitive Personal information: Where we use sensitive personal information to infer characteristics, you may direct us to limit the use and disclosure of your sensitive personal information to uses/disclosures that are reasonably necessary to provide our goods and services, or as needed: to ensure security and integrity; to prevent fraud or illegal activity; for physical safety; for short-term, transient use, including for non-personalized advertising; to perform services on behalf of the business; and to verify or maintain the quality or safety of a service controlled by us, and to improve, upgrade, or enhance such services. Because we do not use nor disclose sensitive personal information to infer characteristics nor for other purposes not listed here, there is no need to submit a request to limit use and disclosure of your sensitive personal information.

Right to Non-Discrimination for the Exercise of Your Privacy Rights: If you choose to exercise any of your privacy rights under California law you also have the right not to receive discriminatory treatment by us.

Return to top

10.  ADDITIONAL INFORMATION FOR THOSE LOCATED OUTSIDE THE UNITED STATES

If you are located outside of the United States, you acknowledge that we collect, process, and store personal information in the United States, and that the data protection and privacy laws in the United States may not offer the same level of protection than the applicable laws in your jurisdiction. Where we transfer your personal information to an entity outside of your location, we take steps to comply with law in respect of that transfer, for example by ensuring that your personal information is protected by comparable safeguards to those provided under the law of your location. 

Return to top

11.  UPDATES TO PRIVACY POLICY

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of this Privacy Policy. We may provide more specific reasonable notice at our discretion (e.g., a banner, pop up, or email to you) if we materially change this Privacy Policy. Any changes to this Privacy Policy will be effective as of the “Last Updated” date at the top of this page, unless otherwise expressly indicated.

Return to top

12.  CONTACTING US

You may contact us dataprivacyoffice@rsmus.com, 1-800-274-3978, or:

Attn: Data Privacy Office
200 S. Wacker Drive
Suite 3900
Chicago, IL 60606