Privacy
This Privacy Notice is intended to help you understand what information we collect, why we collect it, and how you can update, manage, and delete your information.
Website Privacy Notice
Last updated: April 22, 2026
Berkeley Research Group, LLC and its affiliates (collectively “BRG,” “we,” “our,” or “us”) provide this privacy notice (“Notice”) to describe how we collect, use, share, and otherwise process the personal data of individuals who visit our website (“Site”), use our products or services, or otherwise interact with BRG (such individuals are referred to as “you” at times in this notice).
When we refer to “personal data” in this Notice, we mean any information that relates to an identified or identifiable individual, such as a name, email address, physical address or phone number. More detail on the kinds of personal data we collect appears below.
For purposes of the EU General Data Protection Regulation (“GDPR”) and other similar privacy laws, BRG acts as the “controller” of the personal data described in this notice. That means that BRG determines how the personal data is processed and for what purposes.
This Notice does not apply to personal data gathered from BRG job applicants or employees; that information is covered under separate notices. Likewise, this Notice does not apply to our processing of personal data provided to us by clients for analysis or other services; that personal data is covered under the terms of our agreements with our clients.
Sources
We collect personal data about you during the course of your interactions with BRG, including when you visit our websites, use our applications, purchase products and services, request information from us or otherwise communicate with us, or participate in events or other business engagements we may be part of.
We may also obtain personal data from public and/or third-party sources to ensure the security of our network and systems, to verify information about individuals with whom we do business, to investigate incidents, to comply with applicable laws and regulations, and to protect our rights and those of our clients.
Categories of Personal Data We Collect
Identifiers
This includes things like your name, physical address, email address, phone number, and any other identification numbers that might be used to identify you.
Geolocation data
We may gather general information about your location, like your address or your region. We do not collect or process precise geolocation data.
Commercial information
This includes things like records of your commercial interactions with us, including the purchase or consideration of products and services.
Internet or other electronic network activity information
We collect information relating to your interactions with our Site and any applications we provide, including things like your internet service provider, IP address, user language, operating system, browser type, device identifiers, browsing session data, and other similar information. It may also include information about online activities over time and across different websites. We use cookies and similar technologies on our Site. Please see Section 2 for more information about cookies.
Audio, electronic, visual, thermal, olfactory or similar information
BRG may use CCTV, access badges, and WiFi networks at some of its facilities.
Professional or employment information
This may include information about your current or past employment, positions you have held, or other similar information.
Children’s Information
Our Site, products and services are not intended for anyone under the age of 18. We do not knowingly collect information about anyone below that age.
Sensitive and Special Category Data
We do not process special categories of personal data (sensitive personal data) about you.
Cookies, pixels and other tracking technologies
We and our third party service providers (including analytics and advertising providers) use several types of tracking technologies (e.g., cookies, web beacons, pixels, and device identifiers) to provide functionality, to recognize you across different services and devices, to improve your experience, and for the purposes of advertising and engaging with you based upon indications that you may be interested in our products or services.
When you first visit the Site or use an application that uses one of these technologies, we will present you with a consent banner that allows you to accept or reject several categories of non-essential cookies. You may change your preferences at any time by clicking the Cookie Preferences link in the footer of the Site.
Several of the tracking technologies we use on the Site are provided by third-party vendors. To see an up-to-date list of the vendors whose technologies we use, click the Cookie Preferences link in the footer of the Site, then click on a consent category. For a description of a vendor and a link to their privacy policy, click the “+” next to the vendor’s name.
Categories of cookies we use
Required Cookies
These cookies are necessary for the Site or an application to function properly for purposes of things like session management and security. These cookies do not require consent and cannot be turned off.
Functional & Analytics Cookies
These cookies allow us to analyze Site usage in order to evaluate and improve its performance. They are also used to provide a better user experience on the site, such as by measuring interactions with particular content, providing enhanced features on the Site, or remembering preference settings.
Advertising Cookies
These cookies are used to deliver relevant advertisements to you and to track the effectiveness of our marketing efforts. These cookies may be used by advertising companies to inform and serve personalized ads more relevant to your interests. These Cookies also may facilitate sharing information with social networks or recording your interactions with particular ads.
Global Privacy Control
We honor Global Privacy Control (GPC) signals. Some browsers and browser extensions enable you to signal your privacy preferences through the GPC. If you enable GPC, our site will automatically honor your preferences, including turning off Advertising cookies on our Site and opting out of the sharing or sale of your personal data.
How we use your personal data
We use your personal data for several purposes listed in the table below. For each purpose, we have provided a legal basis for the processing of your personal data for purposes of jurisdictions that require a legal basis to be stated. Citations are to the General Data Protection Regulation (GDPR).
| Purpose | Legal basis |
| To administer, manage, deliver and promote our business and services | Our legitimate interest in offering and providing our products and services to our clients and operating our business. (Article 6 (1)(f)) |
| Providing and maintaining the Site or application and communication with clients, potential clients, vendors and other third parties. | Our legitimate interest in communicating with clients and potential clients and providing information and engagement; communication with vendors and other third parties in operating our business. (Article 6 (1)(f))
In some cases, to fulfill our contract obligations to you. (Article 6 (1)(b)) |
| Hosting and conducting events | Our legitimate interest in engaging and informing clients, prospective clients, and other participants. (Article 6 (1)(f)) |
| Providing direct marketing communications about our products and services | Your consent for purposes of email marketing and online targeted advertising. (Article 6(1)(a))
Our legitimate interest in marketing our products and services to you and improving your experience with us. (Article 6(1)(f)) |
| Providing physical security at our facilities | Our legitimate interest in protecting our employees and guests and securing our hardware assets. (Article 6(1)(f)) |
| Ensuring security, preventing fraud, and maintaining the security of the Site or application. | Our legitimate interest in protecting our Site, applications, and their users. (Article 6(1)(f)) |
| Complying with applicable laws and regulations | Necessary for compliance with our legal obligations. (Article 6(1)(c)) |
| Collecting data and conducting analytics associated with the Site or application | Your consent for purposes of maintaining and improving our Site and any applications. (Article 6(1)(a)) |
Where we rely on legitimate interests, we have conducted a balancing assessment where required and determined that our interests do not override your rights and freedoms.
Where we intend to use or otherwise process your personal data for a purpose other than the purpose for which it was collected, we will provide you with information regarding the purpose of the processing, as well as other relevant information, prior to processing your personal data for the new purpose.
Automated decision making
We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.
How we share your personal data
We share your personal data with the following third parties:
- Among our corporate affiliates and subsidiaries in a manner consistent with the purposes described in this Notice;
- With service providers who work on our behalf and who have agreed to use the information solely in furtherance of our operations. These providers are subject to agreements that require them to maintain appropriate levels of security and confidentiality of the personal data we share with them;
- With third parties for purposes of cross-context behavioral advertising as defined under the California Consumer Privacy Act (CCPA/CPRA), except where we do not have your consent or you have requested that we do not sell or share your personal data for this purpose;
- As required by law, such as to comply with a subpoena or other legal process, or to comply with government reporting obligations;
- When we believe, in good faith, that disclosure is necessary to protect our rights, the integrity of our work, or the safety of others, or to detect, prevent, or respond to fraud, intellectual property infringement, violations of our terms of use, or violations of law;
- In the context of an actual or prospective business transaction involving all or part of our company, including mergers, acquisitions, consolidations or divestitures; and
- As otherwise disclosed at the time personal data is collected.
International data transfers
At times, your personal data may be transferred to service providers or systems in countries that may not offer a level of data protection equivalent to that in your country, including the United States. Where such transfers occur, BRG complies with the cross-border data transfer and export control laws of the countries in which it operates.
Where personal data is transferred out of the European Economic Area (“EEA”) or the United Kingdom to a country that is not recognized under an adequacy decision by the European Commission or the UK, BRG takes steps to ensure that Personal Data is adequately protected under appropriate safeguards, such as the standard data protection clauses approved by the European Commission, and where necessary, supplemental measures to protect the rights and freedoms of EEA resident employees. BRG takes similar measures in other countries where specific transfer mechanisms are required.
Where Personal Data is transferred from the European Economic Area to the United States, BRG complies with the EU-U.S. Data Privacy Framework as well as the UK extension to the EU-U.S. DPF (together, the “EU-U.S. DPF”) as set forth by the U.S. Department of Commerce. BRG has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“DPF Principles”) about the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy notice and the DPF Principles, the DPF Principles will govern. To learn more about the Data Privacy Framework Program and to view our certification, please visit https://www.dataprivacyframework.gov/
Where BRG transfers your personal data to a vendor or third party, BRG ensures that the vendor or third party handles and protects your personal data in compliance with the EU-U.S. DPF and this Privacy Notice. We remain responsible and liable under the DPF Principles if a third party that we engage in processing personal data on our behalf does so in a manner inconsistent with the DPF Principles, unless BRG proves that it is not responsible for the event giving rise to the damage.
In compliance with the EU-U.S. DPF, BRG commits to cooperate and comply with the advice of the panel established by the EU data protection authorities about unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF in the context of the employment relationship.
Exercising your privacy rights
Depending upon where you reside, you may have certain rights related to your personal data, including rights to know what personal data we process about you, access your personal data, correct inaccurate personal data, limit our use or disclosure of personal data, data portability, and, in some cases, request deletion of your personal data or object to the manner in which it is processed. If we used consent to permit our use of your personal data, you may withdraw your consent at any time.
You will not ordinarily have to pay a fee to exercise the rights you have. However, we may charge a reasonable fee if your request is unfounded or excessive.
We will respond to verified requests within the timeframes required by applicable law. In some cases, we may limit or deny your request if the law permits or requires us to do so, or if we are unable to adequately verify your identity.
We will not discriminate against you for exercising your lawful privacy rights.
To exercise these rights, contact us. See the “Contact Information” section below. Please be aware that BRG may be unable to afford these rights to you under certain circumstances, such as if we are legally prevented from doing so.
Right to lodge a complaint
If you are in the European Economic Area (EEA) or the United Kingdom, you have the right to lodge a complaint with a supervisory authority in your country of residence. You may have similar rights in other jurisdictions, depending upon where you reside.
Opting out of email marketing
If you receive marketing email and no longer want to receive such communications from us, you can simply click on the opt-out link in the footer of any emails you receive.
Retention
BRG will retain your information only for as long as is necessary for the purposes set out in this policy (e.g., for the length of your engagement with BRG or length of time you consent to receive communications), or as needed to provide services to you. After such time lapses, BRG will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements, and as otherwise described in this policy.
Third-Party Links and Tools
The Site or an application may link to websites maintained by third-party organizations, including social networking platforms. When you choose to use these links to connect to third party websites or platforms, your interaction with those platforms is governed by their respective privacy notices, not this Notice. We encourage you to review the privacy practices of any third-party website or platform before using it.
Likewise, if you use a third party service like Google or Facebook for authentication purposes on our Site or applications, those services are also the subject of those service providers’ privacy notices.
Security
BRG will take reasonable steps to help protect personal data from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Despite our best efforts, however, BRG cannot guarantee the absolute security of personal data against all threats. This is particularly true of information on or transmitted via the internet.
California disclosures
Categories of personal data
The categories of personal data described in Section 1 align with the categories designated by California law. All of the categories described have been collected within the last 12 months.
Sale and sharing of your personal data
While BRG does not sell your personal data for monetary compensation, as noted in Section 4, we do share your personal data with third parties for purposes of cross-context behavioral advertising purposes. We do not sell or share any personal data that California defines as sensitive personal information.
To exercise your right to request that your personal data not be sold or shared, click the Cookie Preferences link in the footer of the Site and disable Advertising Cookies. You can also indicate your preference by using the Global Privacy Control signal in your browser or a browser extension.
California Rights
In addition to the rights described above and in Section 9, California residents have the right to request that we disclose the categories and specific pieces of personal information we have collected, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share personal information. Those rights can be exercised by contacting us as described in Section 11.
Authorized Agents
A properly authorized agent may be able to exercise California privacy rights on your behalf. Authorized agents must contact us as set forth in Section 11 and indicate that they are submitting the request as an agent. We reserve the right to require the agent to validate their identity and to require the agent to demonstrate authority to act on your behalf by providing signed permission from you. We may also require you to verify your own identity directly with us or to directly confirm with us that you provided the authorized agent permission to submit the request.
Contact information
If you have questions or comments about the website privacy notice, please contact us in our role as data controller at privacy@thinkbrg.com or at the following address or phone number:
1800 M Street NW, Second Floor
Washington, DC 20036 (USA)
+1 (202) 753-5819
Our Data Protection Officer, Amy R. Worley, can be contacted at the same address and phone number, or at DPO@thinkbrg.com.
Changes to this Notice
We may update this Notice from time to time to reflect changes in legal requirements, operational practices, or due to other factors. When required by applicable law, we will notify you of such changes to this Notice by posting a notice on this page before any changes take effect or in another appropriate manner. You can see when this Notice was last updated by checking the “Last Updated” date displayed at the top of this Notice.