Privacy Policy

October 28, 2022

CRA, Inc. (CRA) is committed to protecting the privacy of visitors to our website, subscribers to our newsletters, and those providing contact information. In addition, CRA is opposed to unauthorized commercial email delivery, otherwise known as spam. Please read the following Privacy and Spam Policy to understand how your personal information is treated. From time to time, CRA may offer new information or services that may affect this policy. If you have any questions or concerns regarding this Privacy and Spam Policy, please send an email to [email protected]. Spam abuses can also be notified at [email protected].

The following privacy policy (“Privacy Policy”) sets forth CRA’s policy with respect to information, including personally identifiable data (“Personal Data”) and other information, CRA collects from visitors to the CRA website located at https://www.cra-usa.net (the “Website”) and relevant product subdomains. CRA, the owner and operator of the Website, is a limited liability corporation formed under the laws of the Commonwealth of Virginia, United States.

This Privacy Policy does not apply to information of any kind that we collect by means (including offline means) or from sources other than those specified herein.

WHAT INFORMATION DO WE COLLECT & HOW IS IT USED?

Information You Voluntarily Submit to the Website: We collect Personal Data from you when you voluntarily provide such information, such as when you contact us with inquiries, register for access to the website, or purchase services from the website. Personal data may include, but is not limited to, the below:

  • Your name and email address
  • Your company name

Our legal basis for processing this information is your consent, and by voluntarily providing us with Personal Data, you are consenting to our use of it in accordance with this Privacy Policy. If you provide Personal Data to us, you acknowledge and agree that such Personal Data may be transferred and stored from your current location to the offices and servers of CRA and the authorized third parties referenced below.

Information We Collect from Others: We may receive information about you from other sources. For example, if you use third-party software through the site, they may transfer information to us for fulfillment. For more information about our use of third-party providers, please see below.

Automatically-Collected Information: We automatically collect certain information about you and the device with which you access CRA. For example, when you use www.cra-usa.net, we will log your IP address, operating system type, browser type, referring website, pages you viewed, and the dates/times when you accessed the Website. We may also collect information about actions you take when using CRA’s Website such as links clicked.

Cookies: We may log information using cookies, which are small data files stored on your browser by CRA. We may use both session cookies, which expire when you close your browser, and persistent cookies, which stay on your browser until deleted, to provide you with a more personalized experience on the website. For more information about our use of cookies, please see below.

HOW YOUR PERSONAL INFORMATION MAY BE USED
CRA, and our subsidiaries and affiliates (the “Related Companies”), may use your personal information in the following ways:

  • To operate and maintain the website;
  • To create your account, identify you as a user of the website, and customize the website to your account;
  • To send you promotional information, such as newsletters. Each email newsletter will provide information on how to opt out of future mailings by unsubscribing;
  • To send you administrative communications, such as administrative emails, confirmation emails, technical notices, updates on policies, or security alerts;
  • To respond to your comments or inquiries;
  • To provide you with user support;
  • To track and measure website performance;
  • To protect, investigate, and deter unauthorized or illegal activity;
  • To review the effectiveness of our marketing programs and analyze other general demographic trends;
  • To notify you of new information or services that may be of interest to you; or,
  • To send promotional materials.

LEGAL BASES FOR PROCESSING DATA UNDER THE GENERAL DATA PROTECTION REGULATION (“GDPR”)

Below are the types of lawful basis that we will rely on to process your Personal Data:

  • Legitimate Interestmeans the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at [email protected].
  • Performance of Contractmeans processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
  • Complywith a legal or regulatory obligation means processing your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject.
  • Consentmeans where you have consented to a certain use of your Personal Data.

DOES CRA SHARE MY INFORMATION?
CRA will not share, rent, lease or sell your personally identifiable information with third parties. We may, however, share your information with third parties when we are authorized to share such information.

Parent Companies and Affiliates: We may share your information with a parent company, any subsidiaries, joint ventures, or other companies under a common control (collectively, “Affiliates”), provided that we require our Affiliates to honor this Privacy Policy.

Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution, or similar event, Personal Data may be part of the transferred assets.

Related Companies: We may also share your Personal Data with our Related Companies for purposes consistent with this Privacy Policy.

Third Parties with Permission: We may share your information with third parties to whom you ask us to send your information.

Agents, Consultants, and Related Third Parties: CRA, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include mailing information, maintaining databases, and processing payments. When we employ another entity to perform a function of this nature, we only provide them with the information that they need to perform their specific function.

Legal Requirements: CRA may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation or to respond to requests from law enforcement or other government officials relating to investigations or alleged illegal activity or in connection with our own investigation of suspected or actual illegal activity, in which case we may (and you hereby authorize us to) disclose information without subpoenas or warrants served on us, (ii) protect and defend the rights or property of CRA, (iii) act in urgent circumstances to protect the personal safety of users of the Website or the public, (iv) protect against legal liability including to resolve disputes, investigate problems, or enforce our Customer contracts.

Third-Party Vendors: Additionally, CRA may use third-party service providers to service various aspects of the website. Each third-party service provider’s use of your personal information is dictated by their respective privacy policy. CRA currently uses the following third-party service providers:

Google Analytics: Privacy Policy

Google Analytics Opt-Out. To provide website visitors the ability to prevent their data from being used by Google Analytics, Google has developed the Google Analytics opt-out browser add-on for the Google Analytics JavaScript (ga.js, analytics.js, dc.js). If you want to opt out, download and install the add-on for your web browser. The Google Analytics opt-out add-on is designed to be compatible with Chrome, Internet Explorer 11, Safari, Firefox, and Opera. In order to function, the opt-out add-on must be able to load and execute properly on your browser. For Internet Explorer, 3rd-party cookies must be enabled. Learn more about the opt-out and how to properly install the browser add-on here.

Webinars: From time to time, CRA will host webinars, which may be hosted through Zoom. If you elect to participate in a webinar, you will be required to submit personal information to register and log in. You may also receive email communications regarding reminders and playback availability. Zoom Privacy Policy.

In addition, CRA will utilize Microsoft Teams (for government) for video conferencing. If you elect to participate in a video, you will be required to submit personal information to register and log in. You may also receive email communications regarding reminders and playback availability. Please visit Microsoft Teams Privacy Policy.

All information submitted for your participation is stored by the software hosting the webinar. Please consult their individual privacy policies.

OTHER TYPES OF DATA
Non-Identifiable Data: When you interact with us through the Website, we receive and store certain personally non-identifiable information. Such information, which is collected passively using various technologies, cannot presently be used to specifically identify you. We may store such information or such information may be included in databases owned and maintained by our affiliates, agents, or service providers. The Website may use such information and pool it with other information to track, for example, the total number of visitors to our Website, the number of visitors to each page of our Website, and the domain names of our visitors’ Internet service providers. It is important to note that no Personal Data is available or used in this process.

Aggregated Personal Data: In an ongoing effort to better understand and serve the users of the Sites, CRA may conduct research on its customer demographics, interests, and behavior based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and we may share this aggregate data with our affiliates, agents, and business partners. This aggregate information does not identify you personally. CRA may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

PUBLICLY VISIBLE INFORMATION
If you create a user profile on CRA, or leave a comment on CRA’s website, certain information may be publicly visible.

COOKIES
CRA uses cookies to: store visitors’ preferences; record user-specific information on what pages users access or visit; ensure that visitors are not repeatedly sent the same banner ads; or customize our content based on visitors’ browser type or other information that the visitor sends. We also share information about your use of our Website with our social media, advertising, and analytics partners. This section explains what cookies are, how we use Cookies and similar technologies on our Website, and what you can do to manage how Cookies are used.

WHAT ARE COOKIES?
A cookie is a small text file that is sent to your computer or mobile device (referred to in this policy as a “device”) by the web server so that a website can remember some information about your browsing activity on the Website. The Cookie will collect information relating to your use of the Website, information about your device such as the device’s IP address and browser type, demographic data, and if you arrived at our Website via a link from a third-party site, the URL of the linking page.

In addition to Cookies, the Website may use web beacons. Web beacons allow us to count the number of users who have visited or accessed the Website and to recognize users by accessing our cookies. We may employ web beacons to facilitate Website administration and navigation, track the actions of users of the Website, compile aggregate statistics about Website usage and response rates, and provide an enhanced online experience for visitors to the Website. We may also include web beacons in HTML-formatted email messages that we send to determine which email messages were opened. A web beacon is often invisible because it is only 1 x 1 pixel in size with no color. A web beacon can also be known as a web bug, 1 by 1 GIF, invisible GIF, and tracker GIF.

WHAT ARE THE DIFFERENT TYPES OF COOKIES AND HOW DO WE USE THEM?
Essential: These are Cookies that are essential for the running of our Website. Without these Cookies, parts of our Website would not function. These Cookies do not track where you have been on the internet and do not gather information about you that could be used for marketing purposes.

Examples of how we may use essential Cookies include:

  • Setting unique identifiers for each unique visitor, so that website numbers can be analyzed.

Functional: These Cookies are used to remember your preferences on our Website and to provide enhanced, more personal features. The information collected by these Cookies is usually anonymized, so we cannot identify you personally. Functional Cookies do not track your internet usage or gather information that could be used for selling advertising.

Examples of how we may use functional Cookies include:

  • Gathering data about visits to our Website, including numbers of visitors and visits, length of time spent on the site, pages clicked on, or where visitors have come from.
  • Eliminating the need for returning users to re-enter their login details.

Analytical Performance: Analytical performance Cookies are used to monitor the performance of our Sites, for example, to determine the number of page views and the number of unique users our Website has. We use this information to improve the user experience or identify areas of the Website which may require maintenance. The information is anonymous (i.e. it cannot be used to identify you and does not contain personal information such as your name and email address) and it is only used for statistical purposes.

Examples of how we may use analytical Cookies include:

  • Measuring users’ behavior
  • Analyze which pages are viewed, for how long, and which links are followed to better develop our Website.

Advertising: Behavioral advertising Cookies, which may be placed on your device by us or our trusted third-party service providers, remember that you have visited a website and use that information to provide you with advertising which is tailored to your interests. This is often called online behavioral advertising and is done by grouping together shared interests based on web browsing history. Your web browsing history can be used to infer things about you (e.g. your age, gender, etc.), and this information may also be used to make advertising on websites more relevant to you. Although behavioral advertising Cookies can track your activity around the internet, these Cookies cannot identify you personally, even if you are signed in to our Website.

Examples of how we may use advertising Cookies include:

  • Manage online advertising. Our approved advertising partners use Cookies together with web beacons to provide advertising to you and to enable us to manage our relationship with those advertisers by, for example, tracking how many unique users have seen a particular advertisement or followed a link in an advertisement.
  • To market to specific users across our Website and third-party sites, so that we and third parties can target advertising to users that will be more relevant to users’ interests.

Third-Party Cookies: You may notice on some pages of our Website that Cookies have been set that are not related to us. When you visit a page with content embedded from, for example, YouTube or Facebook, these third-party service providers may set their own Cookies on your device. We do not control the use of these third-party Cookies and cannot access them due to the way that Cookies work, as Cookies can only be accessed by the party who originally set them. Please check the third-party websites for more information about these Cookies.

HOW CAN YOU MANAGE OR OPT OUT OF COOKIES?
Cookies, including those which have already been set, can be deleted from your hard drive. You can also change the preferences/settings in your web browser to control Cookies. In some cases, you can choose to accept Cookies from the primary site, but block them from third parties. In others, you can block Cookies from specific advertisers, or clear out all Cookies. Deleting or blocking Cookies may reduce the functionality of the Website. To learn more about how to reject Cookies, visit www.allaboutcookies.org or go to the help menu within your internet browser. If you experience any problems having deleted Cookies, you should contact the supplier of your web browser.

Opting out of Analytical Performance Cookies

If you would like to opt out of Analytics Cookies, please do so by clicking on the links below:

Google Analytics: Opt-out Browser Add-on

Opting out of Behavioral Advertising Cookies

If you would like to disable “third party” Cookies generated by advertisers or providers of targeted advertising services, you can turn them off by going to the third party’s website and getting them to generate a one-time “no thanks” cookie that will stop any further Cookies being written to your machine. Here are links to the main third party advertising platforms we use, each of which has instructions on how to do this:

Google Advertising: Advertising Info and How to Manage
NAI: Consumer Opt-out

FURTHER INFORMATION AND CONTACT DETAILS

If you have any questions about or if you would like more information on the Cookies that we use and their purposes, please contact us at [email protected].

WHAT IF THERE ARE CHANGES TO THIS PRIVACY AND SPAM POLICY?

If we change our Privacy and Spam Policy, we will post those changes on our privacy page you are currently viewing (https://www.cra-usa.net/privacy-policy).

RIGHTS RELATED TO YOUR PERSONAL DATA
Under laws in certain countries in which we operate, customers and other visitors to our Website from those countries have a right to access Personal Data about themselves, and to amend, correct, or delete Personal Data that is inaccurate, incomplete, or outdated. We will, upon request, provide you with confirmation regarding whether we are processing Personal Data about you, consistent with applicable law. In addition, upon your request, we will take reasonable steps to correct, amend, or delete your Personal Data that is found to be inaccurate, incomplete, or processed in a manner non-compliant with this Privacy Policy or applicable law, except where the burden or expense of providing access would be disproportionate to the risks to your privacy, where the rights of persons other than you would be violated or where doing so is otherwise consistent with applicable law. Unless prohibited by applicable law, we reserve the right to charge a reasonable fee to cover costs for providing copies of Personal Information that you request.

Please note that while any amendments, corrections, or deletions will be reflected in active user databases (as updated within a reasonable period of time), we may retain all Personal Data for backups, archiving, prevention of fraud and abuse, analytics, and satisfaction of other legal obligations we reasonably believe applicable.

You authorize us to use and disclose any new or modified information that you provide in accordance with this Privacy Policy, and you agree that we are under no obligation to delete or modify information that you have previously chosen to provide us as to which you have not instructed us to take such action. Please remember, however, that if we have already disclosed some of your Personal Data to third parties, we cannot access that Personal Data any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures.

We may retain your Personal Data to comply with laws, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigations, enforce our contracts, and take other actions otherwise permitted by law.

Please contact us at [email protected] to submit a request or obtain information regarding any of the above. Opt-out: You may opt out of future email communications by following the unsubscribe links in our emails. You may also notify us at [email protected] to be removed from our mailing list.

Access: You may access the personal information we have about you by submitting a request to [email protected].

Amend: You may contact us at [email protected] to amend or update your personal information.

Forget: In certain situations, you may request that we erase or forget your personal data. To do so, please submit a request to [email protected].

California Residents: Pursuant to the California Consumer Privacy Act of 2019 (“CCPA”), you have the right to request disclosure of our data collection and sales practices in connection with our data collection of your Personal Data. You may also request the categories of Personal Data we have collected, the source of the Personal Data, our use of the Personal Data, and if the Personal Data was disclosed or sold to third parties, including the categories of Personal Data sold or disclosed. You also have the right to request a copy of the Personal Data collected about you for the twelve (12) months prior to the date of your request. You have the right to request that we delete your Personal Data, with the exceptions noted above and those delineated in the CCPA. You have the right to request that we do not sell your Personal Data to any third parties. In the event you make such a request, we reserve the right to collect information from you to verify your identity and the right to request such information. All requests made pursuant to the CCPA shall be made to [email protected] or to CRA, Inc., 8161 Hwy 100 #258, Nashville, TN  37221. We will respond to all requests within forty-five (45) days of our receipt of the request, unless we inform you of our need for an extension to the request. We will not discriminate against you for exercising any of your rights under the CCPA.

SENSITIVE PERSONAL INFORMATION
Unless you choose to provide it to us, we do not collect sensitive personal information from you using the Website. This includes your social security number, information regarding race or ethnic origin, political opinions, religious beliefs, health information, criminal background, or trade union memberships. If you elect to submit such information to us, it will be subject to this Privacy and Spam PolicyT.

CHILDREN’S INFORMATION
CRA does not knowingly collect any personally identifiable information from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through the Website. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on the Website without their permission. If a parent or guardian believes that CRA has personally identifiable information of a child under the age of 16 in its database, please contact us immediately at [email protected] and we will use our best efforts to promptly remove such information from our records.

SPAM POLICY
CRA is strongly opposed to spam. We will only send emails to users that have explicitly requested to receive an email from CRA. Examples may include:

  • Users that complete a contact form
  • All communication will be related and relevant to what you have requested.

WEB LINKS
CRA contains links to other sites. Please be aware that CRA is not responsible for the privacy practices or the content of such other sites. We encourage our users to be aware when they leave our site to read the privacy and spam policies of each and every website that collects personally identifiable information. This Privacy and Spam Policy applies solely to information collected by CRA.

EMAIL COMMUNICATIONS

If you send us an email with questions or comments, we may use your personally identifiable information to respond to your questions or comments, and we may save your questions or comments for future reference. For security reasons, we do not recommend that you send nonpublic personal information, such as passwords, social security numbers, or bank account information, to us by email. You may “opt out” of receiving future commercial email communications from us by clicking the “unsubscribe” link included at the bottom of most emails we send, or as provided below; provided, however, we reserve the right to send you transactional emails such as customer service communications.

HOW DO I CONTACT CRA?

If you have any further questions or comments regarding the CRA Website or this Privacy and Spam Policy, you may contact [email protected].

OTHER TERMS AND CONDITIONS

Your access to and use of the Website may also be subject to any separate agreements or terms and conditions you have signed or agreed to with CRA. Please refer to those agreements as needed.

Regardless of any other provision in this Privacy Policy, we reserve the right to disclose any personally identifiable or non-personally identifiable information about you to: (a) fulfill a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our Website, or other users; or (d) protect, in an emergency, the health and safety of our customers or the general public. This includes exchanging information with third parties and organizations in connection with credit risk reduction and fraud protection.

CHANGES TO CRA’S PRIVACY POLICY
The Website may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. At a minimum, we will update this Privacy Policy once per year. We reserve the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, especially before you provide any Personal Data. Your continued use of the Website after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.