Last updated on 1 September 2023

Notwithstanding anything to the contrary set forth in any engagement agreement, confidentiality or non-disclosure agreement or any other agreement between Bain & Company, Inc. or its affiliate(s) (“Bain”) and its client, as identified in the relevant Engagement Letter, Work Order, Statement of Work or other similar agreement (“Client” or “you”), the following terms shall apply to the processing of your personal data (“Client Data”) by Bain when we use Aster in connection with a consulting project being performed or proposed to be performed by Bain for you, provided Client does not get direct access to Aster. The term “personal data” shall mean any information relating to an identified or identifiable natural person that is provided by Client to Bain. These terms shall only apply to the processing of personal data by Bain as part of or in relation to Aster.

1. Client consents to the use of Aster, Bain’s proprietary solution for organizational design work, which allows Bain case teams to rapidly ingest HRIS data, diagnose and visualize the current state, and design future state organizational structures and teams, for the purpose or in connection with the consulting project.
2. Client authorizes Bain to access and process the Client Data for the purposes described herein. Client is responsible for the accuracy and integrity of the Client Data that it provides to Bain. Client acknowledges that it is not Bain’s responsibility to check, validate, or review the Client Data.
3. Client represents that it has the requisite authorizations and consents to make the Client Data available to Bain. Client agrees that Bain is not liable in respect of any unauthorized or unlawful disclosure of the Client Data to Bain. For the avoidance of any doubt, this paragraph does not impact, lessen or reduce Bain’s obligations of confidentiality to Client.
4. Bain will process the Client Data as a data processor and confirms that it will:
   • only process such Client Data in accordance with Client’s written instructions and for the sole purpose of providing the services to Client;
   • implement and maintain technical and organizational measures at a level appropriate to the security of Client Data;
   • notify Client promptly (where permitted under applicable law) if Bain receives any request to access Client Data by an individual, regulator or government authority, and provide reasonable assistance to Client to help Client comply with any such request;
   • notify Client promptly if Bain suffers any incident that may impact Client Data;
   • not disclose Client Data to any third party without Client’s prior written consent, save as required by applicable law or in accordance with the terms set out below;
   • upon written request, provide Client with details of Bain’s Processing of Client Data, including the technical and organizational measures Bain has employed to protect the Personal Data;
   • delete Client Data at the end of the project; and
   • in addition, where the Personal Data relates to consumers resident in the State of California, the parties confirm that Bain is a service provider as defined in the California Consumer Privacy Act and will not retain, use or disclose the Personal Data for any purposes other than those specified in the Order Form.

Client agrees that Bain may (i) transfer the Client Data to third party servers or on cloud-based servers for storage and back-up purposes (in particular, to Microsoft Corporation, Druva, Inc. and Amazon Web Services, Inc.) located in the USA, and (ii) transfer the Client Data to Echelon Consulting LLC (located in the USA) and Echelon BPO Private Limited (located in India), for support and development services. In addition, support might also be provided by employees of Bain affiliates in the United States and India.

Notwithstanding anything to the contrary in these terms, Bain may collect and compile data and metrics related to or derived from Client Data that is used by Bain in an anonymized manner, including to compile statistical and performance information related to the provision and operation of the Services or anonymized key performance indicators or benchmarks (“Anonymized Statistics”). As between Bain and Client, all right, title, and interest in Anonymized Statistics, and all Intellectual Property Rights therein, belong to and are retained solely by Bain. Client agrees that Bain may use the Anonymized Statistics to improve and enhance the Service and for other development, diagnostic and corrective purposes in connection with the Service and other Bain offerings, and disclose the Anonymized Statistics to clients and other third parties as part of services offered by Bain.