Challenger Privacy Policy

Effective Date: January 20, 2023

Last Updated: July 26, 2024

Challenger and its Affiliates are committed to protecting your information. Please read this Privacy Notice (this “Notice”) carefully as it sets out important information relating to how we handle your personal information, both as a “controller” or “business” and as a “processor” or “service provider” on behalf of our customers, as these terms are defined by applicable law.

Contact Us
Questions, comments and requests regarding this Notice should be addressed through the following means:

Address
Attn: Chief Financial Officer
Challenger Performance Optimization, Inc.
2045 W Grand Ave
Ste B PMB 89975
Chicago, IL 60612-1577, USA

Email
privacy@challengerinc.com

For California Residents
If you are a resident of California, please see Section 10.1 California below for information about the categories of personal information we may collect and your rights under California privacy laws.

For Persons in the European Economic Area (EEA)/United Kingdom (UK)
Please also read Section 10.2 General Data Protection Regulation (GDPR), for more information about how we use your personal information and your rights under applicable laws. As used in this Notice, “GDPR” refers to both the European Union (EU) GDPR and UK GDPR.

Challenger Companies Issuing This Notice
In this Notice, references to “we,” “us,” “our,” or “Challenger” are references to Challenger Performance Optimization, Inc. “Affiliates” are companies or entities that are controlled by or under common control with Challenger.

Table of Contents

  1. Introduction
  2. Information that we collect about you
  3. When we disclose your information
  4. Retention periods
  5. Choices about your information
  6. Security
  7. Cookies and similar technologies
  8. External links
  9. Changes to this Notice
  10. Additional information

1. Introduction

This Notice sets out how we will collect and use your personal information, and the choices and rights available to you in connection with our use of your personal information.

This Notice describes our practices when using your information when you:

  1. express an interest in or have signed up for our events or products including newsletters, extensions, webinars and e-books;
  2. activate your Challenger user account and/or license;
  3. attend a Challenger event, such as an in-person training, presentation, assessment, or other educational program;
  4. visit our websites (including our public website and client-facing learning management systems) or social media websites; or
  5. provide us your information through our Contact Us page, email, or in other similar ways.

This Notice will apply whether you have provided the information directly to us or we have obtained it from a different source, such as a third party.

In addition, this Notice applies to information we collect from third-party lead generation providers in order to find more potential customers who may be interested in our services.

This Notice does not apply to personal information we collect or process from individuals acting as Challenger employees, independent contractors with whom we engage, or candidates or applicants for positions at Challenger; other notices apply.

When our customers purchase our services, we process the information of individuals at our customers’ direction and on their behalf. Where we are acting as a service provider or processor to our customers, our customer’s privacy policy, other policies, and/or their agreements with their employees will dictate the scope and manner of processing, not this Notice. See more information at Section 2.5 Information we collect or process on behalf of others below.

Back to the top

2. Information that we collect about you

2.1 Data collection and usage

Information we collect when you attend one of our events, including training, development, and assessment programs

Categories of information we collect about you:

  • Information you provide us when registering your attendance such as name, business email address, profile photograph, job title, professional interests, and requested accommodation;
  • Information provided to us by your employer or an affiliate who purchases services from us;
  • Information collected when we record one of our events, such as audio, video, and still images of you; and
  • Your responses to any surveys regarding our products or services.

We use this information for certain purposes, relying on the following legal bases:

  • Enabling you to attend our events; under GDPR, the legal basis for this processing is to perform our obligations to you under the event terms, or if your employer has entered into our event terms, our legitimate interests in performing our obligations under customer contracts in order to promote our services;
  • Facilitating the smooth running of events; under GDPR, the legal basis for this processing is to perform our obligations to you under the event terms, or if your employer has entered into our event terms, our legitimate interests in performing our obligations under customer contracts in order to promote our services;
  • Marketing our events; under GDPR, the legal basis for this processing is your consent (where required), or otherwise our legitimate interests in promoting our events in order to grow our sales;
  • Providing recordings of certain event sessions to interested business contacts, attendees, and online through our website or Challenger social media websites; under GDPR, the legal basis for this processing is our legitimate interests in promoting our events in order to grow our sales;
  • To protect our business operations, our rights, and those of our stakeholders and investors; under GDPR, the legal basis for this processing is our legitimate interests in protecting and defending our rights and our reputation in the market;
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms and Conditions of Use; under GDPR, the legal basis for this processing is our legitimate interests in protecting and defending our rights and our reputation in the market;
  • To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding, to respond to a subpoena, warrant, court order, or other legal process, or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority; under GDPR, the legal basis for this processing is compliance with EEA or UK law, where such law applies; in all other cases, the legal basis is our legitimate interests in complying with applicable law in order to conduct our business in a compliant manner;
  • To conduct financial, tax, and accounting audits, audits and assessments of our operations, including our privacy, security, and financial controls, as well as for risk and compliance purposes; under GDPR, the legal basis for this processing is our legitimate interests in complying with applicable law in order to conduct our business in a compliant manner;
  • To maintain appropriate business records and enforce our policies and procedures; under GDPR, the legal basis for this processing is compliance with EEA or UK law, where such law applies; in all other cases, the legal basis is our legitimate interests in complying with applicable law in order to conduct our business in a compliant manner;
  • To assess and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings; under GDPR, the legal basis for this processing is our legitimate interests in operating our business as efficiently as possible to protect stakeholders and grow our market share;
  • To administer our business, accounting, auditing, compliance, recordkeeping, and legal functions; under GDPR, the legal basis for this processing is compliance with EEA or UK law, where such law applies; in all other cases, the legal basis is our legitimate interests in complying with applicable law and optimizing our administrative processes in order to conduct our business in a compliant and efficient manner; or
  • For any other business purpose stated when collecting your personal information; under GDPR, the legal basis will be as stated when collecting the personal information.

Where we rely on your consent, you have the right to withdraw consent by contacting us at privacy@challengerinc.com.

Information we collect from users of:

Our website; and

Challenger webpages on social media websites such as LinkedIn, Facebook, or Instagram.

Categories of information we collect about you:

  • Information you provide to us either on our website or in person, such as when you provide contact details or answer online questionnaires or feedback forms;
  • Information that you provide in response to surveys regarding our programs, products and services; and
  • Information you provide when you subscribe to email newsletters such as name, email address, and job title.

We use this information for certain purposes, relying on the following legal bases:

  • Enabling you to access your online Challenger accounts across devices; under GDPR, the legal basis for this processing is to perform our obligations to you under our Terms and Conditions of Use, or if your employer has entered into service terms, our legitimate interests in performing our obligations under customer contracts in order to increase our sales;
  • Personalizing the experience of our website and learning management systems; under GDPR, the legal basis for this processing is to perform our obligations to you under the applicable service terms, or if your employer has entered into service terms, our legitimate interests in performing our obligations under customer contracts in order to increase our sales;
  • Administering our website; under GDPR, the legal basis for this processing is our legitimate interests in facilitating use of our website in order to increase our sales;
  • Administering our learning management systems; under GDPR, the legal basis for this processing is to perform our obligations to you under the applicable service terms, or if your employer has entered into service terms, our legitimate interests in performing our obligations under customer contracts in order to increase our sales;
  • Enabling peer networking opportunities based on your background and experience; under GDPR, the legal basis for this processing is to perform our obligations to you under the applicable service terms, or if your employer has entered into service terms, our legitimate interests in performing our obligations under customer contracts in order to increase our sales;
  • Providing better, more customized client service; under GDPR, the legal basis for this processing is to perform our obligations to you under the applicable service terms, or if your employer has entered into service terms, our legitimate interests in performing our obligations under customer contracts in order to increase our sales;
  • Investigating any complaints; under GDPR, the legal basis for this processing is our legitimate interests in ensuring customer satisfaction in order to increase our sales;
  • Monitoring social media content to manage relations with our clients and promote our business and brand; under GDPR, the legal basis for this processing is our legitimate interests in ensuring customer satisfaction in order to increase our sales;
  • To protect our business operations, our rights, and those of our stakeholders and investors; under GDPR, the legal basis for this processing is our legitimate interests in protecting and defending our rights and our reputation in the market;
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms and Conditions of Use; under GDPR, the legal basis for this processing is our legitimate interests in protecting and defending our rights and our reputation in the market;
  • To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding, to respond to a subpoena, warrant, court order, or other legal process, or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority; under GDPR, the legal basis for this processing is compliance with EEA or UK law, where such law applies; in all other cases, the legal basis is our legitimate interests in complying with applicable law in order to conduct our business in a compliant manner;
  • To conduct financial, tax, and accounting audits, audits and assessments of our operations, including our privacy, security, and financial controls, as well as for risk and compliance purposes; under GDPR, the legal basis for this processing is our legitimate interests in complying with applicable law in order to conduct our business in a compliant manner;
  • To maintain appropriate business records; under GDPR, the legal basis for this processing is compliance with EEA or UK law, where such law applies; in all other cases, the legal basis is our legitimate interests in complying with applicable law in order to conduct our business in a compliant manner;
  • To enforce our policies and procedures; for GDPR purposes, the legal basis for this processing is our legitimate interests in conducting our business consistent with our internal standards to maintain our reputation;
  • To assess and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings; under GDPR, the legal basis for this processing is our legitimate interests in operating our business as efficiently as possible to protect stakeholders and grow our market share;
  • To administer our business, accounting, auditing, compliance, recordkeeping, and legal functions; under GDPR, the legal basis for this processing is compliance with EEA or UK law, where such law applies; in all other cases, the legal basis is our legitimate interests in complying with applicable law and optimizing our administrative processes in order to conduct our business in a compliant and efficient manner; or
  • For any other business purpose stated when collecting your personal information; under GDPR, the legal basis will be as stated when collecting the personal information.

Information we automatically collect about the use of our website from users

Categories of information we collect about you (subject to your prior consent to the extent required):

  • Information captured by cookies, pixel tags/clear GIFs, JavaScript, local storage, log files, and other mechanisms, operated by us or our third-party providers;
  • Information collected via session tracking technologies;
  • Information captured in our web logs: device information (e.g., device brand and model, operating system, and screen dimensions), unique identification numbers (e.g., IP address, MAC address, and device ID), browser information (e.g., URL, browser type, pages visited, date/time of access), language information, geo-location, and other device-specific information and internet connection information;
  • Information from emails we send to you collected by web pixels; advertising information (e.g., size/type of ad, ad impressions, location/format of ad, data about interactions with ad); and
  • Behavioral information (e.g., information on the behavior or presumed interests of individuals, which are linked to those individuals and may be used to create a user profile).

We use this information for certain purposes, relying on the following legal bases:

  • Collecting and analyzing information about your browsing activities and use of Challenger services; under GDPR, the legal basis for this processing is our legitimate interests in improving our website and services to increase user engagement;
  • Personalizing the experience of our website; under GDPR, the legal basis for this processing is our legitimate interests in improving our website and services to increase user engagement;
  • Administering our website; under GDPR, the legal basis for this processing is our legitimate interests in facilitating use of our website in order to increase our sales;
  • Performing statistical and trend analysis to improve the user experience and performance of our website; under GDPR, the legal basis for this processing is our legitimate interests in improving our website and services to increase user engagement;
  • Conducting targeted marketing and advertising; under GDPR, the legal basis for this processing is either your consent (where required), or our legitimate interests in promoting our services in order to increase our sales;
  • Providing better, more customized client service; under GDPR, the legal basis for this processing is our legitimate interests in performing our obligations under customer contracts in order to drive repeat business;
  • Verifying account credentials and allow logins; under GDPR, the legal basis for this processing is our legitimate interests in performing our obligations under customer contracts;
  • Tracking bugs and errors and investigating any complaints; under GDPR, the legal basis for this processing is our legitimate interests in improving user experience and ensuring customer satisfaction in order to increase our sales;
  • To understand if you read our emails; under GDPR, the legal basis for this processing is our legitimate interests in better targeting our marketing and service messages in order to increase our sales and promote customer satisfaction;
  • To protect our business operations, our rights, and those of our stakeholders and investors; under GDPR, the legal basis for this processing is our legitimate interests in protecting and defending our rights and our reputation in the market;
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms and Conditions of Use; under GDPR, the legal basis for this processing is our legitimate interests in protecting and defending our rights and our reputation in the market;
  • To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding, to respond to a subpoena, warrant, court order, or other legal process, or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority; under GDPR, the legal basis for this processing is compliance with EEA or UK law, where such law applies; in all other cases, the legal basis is our legitimate interests in complying with applicable law in order to conduct our business in a compliant manner;
  • To conduct financial, tax, and accounting audits, audits and assessments of our operations, including our privacy, security, and financial controls, as well as for risk and compliance purposes; under GDPR, the legal basis for this processing is our legitimate interests in complying with applicable law in order to conduct our business in a compliant manner;
  • To maintain appropriate business records; under GDPR, the legal basis for this processing is compliance with EEA or UK law, where such law applies; in all other cases, the legal basis is our legitimate interests in complying with applicable law in order to conduct our business in a compliant manner;
  • To enforce our policies and procedures; for GDPR purposes, the legal basis for this processing is our legitimate interests in conducting our business consistent with our internal standards to maintain our reputation;
  • To assess and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings; under GDPR, the legal basis for this processing is our legitimate interests in operating our business as efficiently as possible to protect stakeholders and grow our market share; or
  • To administer our business, accounting, auditing, compliance, recordkeeping, and legal functions; under GDPR, the legal basis for this processing is compliance with EEA or UK law, where such law applies; in all other cases, the legal basis is our legitimate interests in complying with applicable law and optimizing our administrative processes in order to conduct our business in a compliant and efficient manner.

Where we rely on your consent, you have the right to withdraw consent by contacting us at privacy@challengerinc.com.

Other information collected and why we use it

Categories of information we collect about you:

  • Personal information: name and title, contact details, company name, business title, and email address;
  • Communications with you; and
  • Information you provide when posting content on social media websites.

Sources (if not collected directly from you):

  • Audio recordings of calls between you and Challenger and our Affiliates or service providers (recorded following notice and consent as required by applicable law);
  • Third-party referrals including from within the Challenger group;
  • Social media websites and other public internet websites;
  • Public resources, meaning telephone directories, internet websites, and commercially available marketing lists; and
  • Your employer or affiliate who is our customer and purchases services from us.

We use this information for certain purposes, relying on the following legal bases:

  • Facilitating our business through communication with corporate clients and other business contacts, for example, to communicate about vendor briefings or details of events or webinars; under GDPR, the legal basis for this processing is our legitimate interests in managing and promoting our brand;
  • For internal analysis and research to help us improve our services; under GDPR, the legal basis for this processing is our legitimate interests in improving services to increase our sales;
  • To send marketing to business contacts regarding our services and products which may be of interest and to promote our business and brand; under GDPR, the legal basis for this processing is your consent (where required); otherwise, the legal basis is our legitimate interests in promoting our services to increase our sales;
  • Administering our website and investigating any complaints; under GDPR, the legal basis for this processing is our legitimate interests in facilitating use of our website and ensuring customer satisfaction in order to increase our sales;
  • Providing customer service; under GDPR, the legal basis for this processing is our legitimate interests in performing our obligations under customer contracts in order to drive repeat business;
  • Monitoring social media content to manage relations with our clients and promote our business and brand; under GDPR, the legal basis for this processing is our legitimate interests in ensuring customer satisfaction in order to increase our sales;
  • To secure the services we provide and our systems, including our websites, and to prevent and detect fraud, unauthorized activities and access, and other misuse of our websites and the services we provide; under GDPR, the legal basis for this processing is our legitimate interests in protecting our services and assets, and thereby our reputation in the market;
  • To protect our business operations, our rights, and those of our stakeholders and investors; under GDPR, the legal basis for this processing is our legitimate interests in protecting and defending our rights and our reputation in the market;
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms and Conditions of Use; under GDPR, the legal basis for this processing is our legitimate interests in protecting and defending our rights and our reputation in the market;
  • To comply with applicable legal or regulatory obligations, including as part of a judicial proceeding, to respond to a subpoena, warrant, court order, or other legal process, or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority; under GDPR, the legal basis for this processing is compliance with EEA or UK law, where such law applies; in all other cases, the legal basis is our legitimate interests in complying with applicable law in order to conduct our business in a compliant manner;
  • To conduct financial, tax, and accounting audits, audits and assessments of our operations, including our privacy, security, and financial controls, as well as for risk and compliance purposes; under GDPR, the legal basis for this processing is our legitimate interests in complying with applicable law in order to conduct our business in a compliant manner;
  • To maintain appropriate business records; under GDPR, the legal basis for this processing is compliance with EEA or UK law, where such law applies; in all other cases, the legal basis is our legitimate interests in complying with applicable law in order to conduct our business in a compliant manner;
  • To enforce our policies and procedures; for GDPR purposes, the legal basis for this processing is our legitimate interests in conducting our business consistent with our internal standards to maintain our reputation;
  • To assess and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financings; under GDPR, the legal basis for this processing is our legitimate interests in operating our business as efficiently as possible to protect stakeholders and grow our market share;
  • To administer our business, accounting, auditing, compliance, recordkeeping, and legal functions; under GDPR, the legal basis for this processing is compliance with EEA or UK law, where such law applies; in all other cases, the legal basis is our legitimate interests in complying with applicable law and optimizing our administrative processes in order to conduct our business in a compliant and efficient manner; or
  • For any other business purpose stated when collecting your personal information; under GDPR, the legal basis will be as stated when collecting the personal information.

Where we rely on your consent as the legal basis, you have the right to withdraw consent by contacting us at privacy@challengerinc.com.

2.2 Sensitive personal information

Under applicable laws, such as the GDPR, certain types of personal information are considered “sensitive” or “special category.” We do not currently collect or process sensitive personal information or special category data. If we do so in the future, we will provide notice of what type of information we would collect, and how and why we would use it.

2.3 Further information

In certain circumstances, if you do not provide personal information that is required (for example, in relation to activating your account on a Challenger learning management system [Challenger Hub or Effortless Experience Learning Portal]), we will not be able to perform our obligations under the contract with your employer or may not be able to provide you with products and services. We will make it clear if and when this situation arises and what the consequences of not providing the information will be.

2.4 Personal information of children

Our websites and online services are for individuals who are at least 18 years of age. Our online services are not designed to be used by individuals under the age of 18. We do not knowingly collect or solicit personal information from individuals under 18. If you are under 18 years old, please do not attempt to register for or otherwise use any of our services or send us any personal information. If we learn we have collected personal information from an individual under 18, we will delete that information as quickly as possible. If you believe that an individual under 18 may have provided us with personal information, please contact us at privacy@challengerinc.com.

2.5 Information we collect or process on behalf of others

Challenger collects or processes your personal information on behalf of our customers obtaining our services to deliver educational and skill building content for use by their employees and understanding whether material has been learned. In these circumstances, Challenger operates as a “service provider” or “processor” under applicable law; our customers direct how personal information is collected and processed and for what purposes. In these cases, our customer’s privacy policy, other policies, and/or their agreements with their employees will dictate the scope and manner of processing, not this Notice.

For example, Challenger or its Affiliates may collect your personal information on behalf of one of our customers as follows:

  • Employee use of our public- and client-facing learning management systems, including but not limited to assessments of individuals’ sales potential;
  • Information that our customer chooses to collect, which can include categories such as name, address, phone number, and email address;
  • Where you have an account on a Challenger learning management system (Challenger Hub or Effortless Experience Learning Portal) account — log-in and similar credentials and information about use and preferences for these services;
  • Information your organization provides to setup your user account on Challenger learning management systems (Challenger Hub) including name, business email address, and organization;
  • Optional information you provide when completing your profile in your account within a Challenger learning management system including location, country, time zone, and language preference;
  • Information that you provide when you participate in classes, training, learning modules, and similar programs, including responses to assessments and quizzes; and
  • Information collected from surveys or diagnostic tools.

Back to the top

3. When we disclose your information

We may disclose your personal information to the following categories of third parties as follows:

  • To Affiliates and service providers in order to process personal information for purposes described in Section 2.1 Data collection and usage;
  • To Challenger strategic partners with whom Challenger offers or promotes products or services or who promote Challenger products or services on our behalf;
  • To third parties who work on our behalf to service or maintain business contact databases and other IT systems, such as suppliers of the IT systems that we use to process personal information or who provide other technical services, such as printing;
  • To third parties providing services to us who have a need to access your information, such as our professional advisors (e.g., auditors and lawyers) or venues for our events;
  • To law enforcement, courts, dispute resolution bodies, parties to disputes and their counsel and advisors, government agencies where we believe doing so is necessary to protect our business or our services, our rights and property, or the rights, property, health, and safety of others;
  • To national security or law enforcement agencies and public authorities when replying to lawful requests; and
  • To a potential or actual buyer of our company, business or assets (including in bankruptcy), investor, or relevant advisors.

We may also disclose de-identified and/or aggregated personal information; such information would cease to be personal information.

Back to the top

4. Retention periods

We will retain your personal information for as long as required to perform the purposes for which the information was collected, depending on the circumstances in which that information was obtained and/or whether additional legal/regulatory obligations mandate that we retain your personal information. We may also retain personal information for the period during which a claim may be made in relation to our dealings with you.

In general terms, this will mean that your personal information will be kept for the duration of our relationship with you and:

  • the period required by tax and applicable laws and regulations; and
  • as long as it is possible for you to be able to bring a claim against us and necessary for us to be able to defend ourselves against any legal claims.

This will generally be the length of the relationship plus the length of any applicable statutory limitation period under local laws. For example, for marketing contact data, we will retain your information for approximately two years.

Back to the top

5. Choices about your information

We believe it is important to give you choices about the use of your information. We will use your information as described in this Notice (or any other event- or service-specific notice). If we want to use your information for a purpose not described in this Notice, we will first get your consent to do so.

Marketing Communications
We will respect your wishes not to receive marketing communications. You can change your marketing preferences by contacting us at privacy@challengerinc.com. If you are currently receiving marketing communications (e.g., via email), you can opt out at any time by using the unsubscribe links or instructions included at the bottom of our emails. Please note that we will continue to send you service-related communications regardless of any opt-out request.

We will not sell your personal information, for monetary compensation, to third parties for their own promotional or marketing purposes unless you give us consent to do so and where permitted by applicable law.

Back to the top

6. Security

We have implemented administrative, technical, and physical security measures to help prevent unauthorized access. Despite these measures, no data transmission over the Internet can be entirely secure, and we cannot and do not guarantee or warrant the security of any information you transmit via our websites or apps. Please note that you are responsible for maintaining the security of your credentials used to access any Challenger service or account, and you are encouraged to report suspected unauthorized activity to us.

We make efforts to restrict access to information to only those employees, contractors, and agents who need such access in order to operate, develop, improve, or deliver our programs, products, and services.

Back to the top

7. Cookies and similar technologies

A cookie is a small text file which includes a unique identifier that is sent by a web server to the browser on your computer, mobile phone, or any other internet enabled device when you visit an online site. Cookies and similar technologies are widely used to make websites work efficiently and to collect information about your online preferences. For simplicity, we refer to all these technologies as “cookies.” For more information about how Challenger uses cookies, please see our Cookie Policy.

Some of our website pages may contain electronic images known as web beacons (also known as clear gifs, tags, or pixels) that allow us to count users who have visited our pages. Web beacons collect only limited information, e.g., a cookie number, time and date of a page view, and a description of the page on which the web beacon resides. We may also carry web beacons placed by third-party advertisers. These beacons generally do not carry information that could directly identify you.

We use the following types of cookies:

  • Necessary Cookies: Necessary Cookies are required for providing you with features or services that you have requested. For example, certain cookies enable you to log into secure areas of our services. Disabling these cookies may make certain features and services unavailable.
  • Functional Cookies: Functional Cookies are used to record your choices and settings regarding our services, maintain your preferences over time, and recognize you when you return to our services. These cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
  • Analytics Cookies: Analytics Cookies allow us to understand how visitors use our services, such as by collecting information about the number of visitors to the services, what pages visitors view via our services, and how long visitors are viewing pages on available through our services.
  • Advertisement Cookies: Advertisement Cookies provide us and our third-party marketing and advertising partners to better tailor content to you on third-party websites and apps.

You can decide whether or not to accept cookies through your internet browser’s settings. Most browsers have an option for turning off cookie features, which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new cookie in a variety of ways. You can also delete all cookies that are already on your computer. If you do this, however, you may have to manually adjust some preferences every time you visit a site, and this may cause some services and functionalities to not work.

To explore what cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find out more information about cookies, including information about how to manage and delete cookies, please visit http://www.allaboutcookies.org/.

“Do Not Track”
“Do Not Track” (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that, while we do not respond to or honor DNT signals transmitted by web browsers, we do respond to Global Privacy Control signals as required by applicable law. For more information, see Section 10.1 California below.

Back to the top

8. External links

To provide increased value to you, we provide links to other websites or resources that are not part of the products, programs, or services run by Challenger. We do not control these websites or their privacy practices and any information you provide to these websites is subject to the privacy policies of those websites and not this Notice.

Back to the top

9. Changes to this Notice

Challenger may change this Notice from time to time. Laws, regulations, and industry standards evolve, which may make those changes necessary, or we may make changes to our services or business.  We will post the changes to this page and encourage you to review our Notice to stay informed. If we make changes that materially alter your privacy rights, we will do our best to alert you to changes by placing a notice on the Challenger website, by sending you an email and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of our services, and you are still responsible for reading and understanding them.

Use of information we collect is subject to the Notice in effect at the time such information is collected.

Back to the top

10. Additional information

10.1 California

In this section, we provide information for California residents, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”), which requires that we provide California residents certain specific information about how we handle their personal information, whether collected online or offline. Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.

Notice at Collection
The following sub-sections below, read together, are intended to comply with our obligations for Notice at Collection under the CCPA: “Categories of Personal Information We May Collect or Disclose,” “Purposes of Collection, Use, and Disclosure,” “Retention,” and “Sales and Sharing of Personal Information.”

Scope
This section applies to “personal information” as defined by the CCPA, whether collected online or offline, in our capacity as a business. This section does not address or apply to our handling of publicly available information or personal information that is otherwise exempt under the CCPA. This section also does not apply to personal information we collect about job applicants to jobs at Challenger, independent contractors, or current or former full-time, part-time, and temporary employees, officers, directors, or owners of Challenger; different notices apply.

Categories of Personal Information We May Collect or Disclose
The table below sets out generally the categories of personal information we may collect about you (and may have collected in the prior 12 months), as defined by the CCPA, as well as the categories of third parties and other entities to whom we may disclose this information for a business or commercial purpose. Our collection and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such individuals.

Category of Personal Information

Identifiers: Includes direct identifiers such as name, alias, postal address, email address, unique personal identifier, online identifier, Internet Protocol (IP) address, and account name.

To Whom We May Disclose for a Business or Commercial Purpose

  • Affiliates
  • Service providers and vendors
  • Advisors and agents
  • Data analytics providers
  • Advertising networks
  • Social networks
  • Regulators, government entities, and law enforcement
  • Others as required by law

Category of Personal Information

Customer Records: As defined by Cal. Civil Code § 1798.80, this category includes information such as signature and physical characteristics or description.

To Whom We May Disclose for a Business or Commercial Purpose

  • Affiliates
  • Service providers and vendors
  • Advisors and agents
  • Regulators, government entities, and law enforcement
  • Others as required by law

Category of Personal Information

Commercial Information: Includes records of goods or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.

To Whom We May Disclose for a Business or Commercial Purpose

  • Affiliates
  • Service providers and vendors
  • Advisors and agents
  • Data analytics providers
  • Regulators, government entities, and law enforcement
  • Others as required by law

Category of Personal Information

Usage Data: Internet or other electronic network activity information, including but is not limited to, browsing history, clickstream data, search history, and information regarding interactions with our websites, advertisements, or emails, including other usage data related to your use of any Challenger services.

To Whom We May Disclose for a Business or Commercial Purpose

  • Affiliates
  • Service providers and vendors
  • Advisors and agents
  • Data analytics providers
  • Advertising networks
  • Social networks
  • Others as required by law

Category of Personal Information

Location Data: Such as general location information about a particular individual or device.

To Whom We May Disclose for a Business or Commercial Purpose

  • Affiliates
  • Data analytics providers
  • Regulators, government entities, and law enforcement
  • Others as required by law

Category of Personal Information

Audio, Visual, and Other Electronic Data: Such as information collected via call recordings if you are interacting with us in a customer service capacity or if you call us on a recorded line, recorded meetings and webinars, videos, photographs, and user profile images.

To Whom We May Disclose for a Business or Commercial Purpose

  • Affiliates
  • Service providers and vendors
  • Advisors and agents
  • Regulators, government entities, and law enforcement
  • Others as required by law

Category of Personal Information

Professional or Employment-Related Information: Such as job title, company name, business email, business phone number, and other similar professional-related information.

To Whom We May Disclose for a Business or Commercial Purpose

  • Affiliates
  • Service providers and vendors
  • Advisors and agents
  • Regulators, government entities, and law enforcement
  • Others as required by law

Category of Personal Information

Inferences: Such as inferences drawn from any of the information described in this chart above about a California resident including inferences reflecting the individual’s preferences (including professional preferences), characteristics, behaviors, attitudes, abilities, and aptitudes.

To Whom We May Disclose for a Business or Commercial Purpose

  • Affiliates
  • Service providers and vendors
  • Data analytics providers
  • Regulators, government entities, and law enforcement
  • Others as required by law

Sources of Personal Information
We generally collect personal information from the following categories of sources:

  • Directly from individuals;
  • Government agencies or public records;
  • Vendors and service providers;
  • Business partners;
  • Data analytics providers and advertising networks;
  • Social media platforms;
  • Internet service providers and operating systems and platforms; and
  • Business customers and clients.

For additional information about from whom we collect personal information, please review Section 2 Information we collect about you, above.

Purposes of Collection, Use, and Disclosure
In general, we collect and otherwise process personal information for the following business or commercial purposes, or as otherwise directed or consented to by you:

  • To provide our goods and services to you and improve them;
  • To conduct business operations;
  • To conduct internal research and analysis about our goods, services, and events;
  • To manage our events;
  • To market our goods and services to you and otherwise communicate with you;
  • To administer and secure our websites, social media accounts, and other online services;
  • To investigate any complaints;
  • To protect our business operations, our rights, and those of our stakeholders and investors;
  • For security purposes;
  • For general business operations and M&A purposes;
  • For internal investigation and audit purposes; and
  • To enforce our legal rights and comply with our legal obligations.

For additional information about our purposes for collecting, using, and disclosing personal information, please review Section 2 Information we collect about you, above.

Retention
We retain the personal information we collect only as reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection. For additional information, please review Section 4 Retention periods, above.

Rather than delete your data, we may instead de-identify it by removing identifying details. As required by applicable law, we will not attempt to re-identify de-identified data except as permitted to test our de-identification systems.

Sales and Sharing of Personal Information
The CCPA defines “sale” as disclosing or making available personal information to a third party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” the following categories of personal information: identifiers, usage data, and commercial information. We may disclose these categories to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising and to improve and measure our ad campaigns. We do not sell or share sensitive personal information, nor do we sell or share personal information about individuals we know are under age sixteen (16).

Sensitive Personal Information
Notwithstanding the above, we generally do not collect, use, or disclose “sensitive personal information,” and we do not go beyond the purposes authorized by applicable privacy law. Accordingly, we only use and disclose sensitive personal information as reasonably necessary and proportionate: (i) to perform our services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent, and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.

California Privacy Rights
California privacy law provides California residents with specific rights regarding personal information. Subject to certain conditions and exceptions, California residents have the following rights with respect to their personal information:

  • Right to Know: You have the right to request: (i) the categories or personal information we collected about you; (ii) the categories of sources from which the personal information is collected; (iii) our business or commercial purposes for collecting, selling, or sharing personal information; (iv) the categories of third parties to whom we have disclosed personal information; and (v) a copy of the specific pieces of personal information we have collected about you.
  • Right to Delete: You have the right to request that we delete personal information we have collected from you.
  • Right to Correct: You have the right to request that we correct inaccuracies in your personal information.
  • Right to Opt Out of Sales and Sharing: You have the right to opt out of “sales” and “sharing” of your personal information, as those terms are defined under the CCPA.
  • Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to limit use and disclose of your sensitive personal information. We do not use or disclose sensitive personal information beyond the purposes authorized by the CCPA; thus, this right is not available to California residents.
  • Right to Non-Discrimination: You have the right not to be subjected to discriminatory treatment for exercising any of the rights described in this section.

Exercising Your Privacy Rights
California residents may exercise their privacy rights as set forth below:

  • Right to Know, Delete, and Correct: California residents may submit CCPA requests to know/access, delete, and correct their personal information by:

When you submit a request, we will take steps to verify your identity and request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request, and if so, will explain the basis for the denial.

You may also designate someone as an authorized agent to submit requests and act on your behalf. Authorized agents will be required to provide proof of their authorization in their first communication with us, and we may also require that the relevant individual directly verify their identity and the authority of the authorized agent.

  • Right to Opt Out of Sales and Sharing: To exercise your right to opt out of the “sale” or “sharing” of your personal information under CCPA, you may do so via our cookie preference manager. We will apply your opt-out based upon the personal information in our records that is linked or reasonably linkable to the information provided in your request. You may also click the “Do Not Sell or Share My Personal Information” link at the bottom of our websites.

In addition, if we detect that your browser or device is transmitting an opt-out preference signal, such as the “global privacy control” or “GPC” signal, we will opt that browser or device out of cookies that result in a “sale” or “sharing” of your personal information. If you come to our websites or use our services from a different device or from a different browser on the same device, you will need to opt out, or use an opt-out preference signal, for that browser and/or device as well. More information about GPC is available at: https://globalprivacycontrol.org/.

Contact Us
For more information about our privacy practices, you may contact us as set forth in the Contact Us section above.

10.2 General Data Protection Regulation (For Persons in the EEA or UK)

Controller
The controller of your personal information is:

Challenger Performance Optimization, Inc.
2045 W Grand Ave
Ste B PMB 89975
Chicago, IL 60612-1577, USA
Email: privacy@challengerinc.com

Your Rights
Subject to certain limitations and restrictions laid out in the GDPR, you have the following rights:

  • Right to Access: You have the right to request access to and a copy of any of your personal information that we hold and to obtain information about the processing of that information.
  • Right to Correct: We will take steps in accordance with applicable legislation to keep your personal information accurate, complete, and up to date. You are entitled to have any inadequate, incomplete, or incorrect personal information corrected (that is, rectified).
  • Right to Withdraw Consent: In the event your personal information is processed on the basis of your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Data Portability: Where we are relying (as the legal basis for processing) upon your consent, or the fact that the processing is necessary to perform a contract to which you are party or to take steps at your request prior to entering a contract, and the personal information is processed by automated means, you have the right to receive all such personal information which you have provided us in a structured, commonly used, and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
  • Right to Erasure: You are entitled to have your personal information erased under specific circumstances, such as where you have withdrawn your consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds (see below), or where personal information is unlawfully processed.
  • Right to Restriction of Processing: You have the right to restrict our processing of your personal information (that is, allow only its storage) where:
    • you contest the accuracy of the personal information, until we have taken sufficient steps to correct or verify its accuracy;
    • where the processing is unlawful, but you do not want us to erase the personal information;
    • where we no longer need your personal information for the purposes of the processing, but you require such personal information for the establishment, exercise, or defence of legal claims; or
    • where you have objected to processing justified on legitimate interest grounds (see below), pending verification as to whether we have compelling legitimate grounds to continue processing.

Where your personal information is subject to restriction, we will only process it with your consent or for the establishment, exercise, or defence of legal claims.

  • Right to Object to Processing (Including Profiling) Based on Legitimate Interest Grounds: Where we are relying upon legitimate interests to process personal information, you have the right to object to that processing based on grounds related to your personal situation. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or we need to process the personal information for the establishment, exercise, or defence of legal claims. Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
  • Right to Object to Direct Marketing (Including Profiling): You have the right to object to our use of your personal information (including profiling) for direct marketing purposes, such as when we use your personal information to invite you to our promotional events.You may opt out of receiving commercial emails from us by clicking on the opt-out or “unsubscribe” link included in the marketing emails you receive.

Please note that certain services we provide may not be available if you withdraw your consent or otherwise delete or object to our processing of certain personal information.
If you wish to exercise any of your rights, you may contact us with your request at privacy@challengerinc.com or as described in Contact Us above. We will respond to your request in accordance with applicable law, and we will inform you if we do not intend to comply with your request.

You also have a right to lodge a complaint with a supervisory authority or other regulatory agency of your habitual residence, place of work, or place of alleged infringement. A list of data protection supervisory authorities in the EEA is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080. The UK data protection supervisory authority can be reached at Contact us | ICO.

Transferring Your Personal Information
Challenger is a global group, and as such, we may transfer personal information to other Challenger group companies or suppliers outside your home jurisdiction. Challenger will take all reasonable steps to ensure that personal information is protected and any such transfers comply with applicable law.

The personal information that we collect from you may be accessed in, or transferred to, and stored in United States, Australia, United Kingdom, and Germany. The United States and Australia do not benefit from a decision of the European Commission or the UK government stating that they provide adequate protection to personal information (except in specific circumstances not relevant to Challenger). Germany, as part of the EEA, benefits from an adequacy decision of the UK government finding that EEA law affords adequate protection to personal information. The United Kingdom benefits from an adequacy decision of the European Commission finding that UK law affords adequate protection to personal information.

The personal information may be stored by Challenger or its service providers or processed by staff operating outside the EEA or the UK who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfillment of a customer order. We will take all steps reasonably necessary to ensure that your data is treated with an adequate level of protection in the jurisdictions in which we process it. We transfer personal information on the basis of an adequacy decision, or standard contractual clauses as approved by the European Commission or UK authority, or other suitable safeguards such as the EU-US Data Privacy Framework or Binding Corporate Rules. A copy of such safeguards may be obtained by contacting privacy@challengerinc.com.

Contact Us
For more information about our privacy practices, to exercise your rights or raise any questions, you may contact us at privacy@challengerinc.com or as set forth in the Contact Us section above.

Back to the top

Terms and Conditions of Use

View terms

Terms and Conditions of Purchase (USA)

View terms

Terms and Conditions of Purchase (Non-USA)

View terms

Sub-Processors

View terms

Data Processing Agreement

View terms

Privacy Policy

View terms

Cookie Policy

View terms