Drummond Group, LLC (“Drummond,” “We,” “Us,” or “Our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect the information we collect from visitors to our website (“the Website”), users of our services, and individuals who contact us. Please carefully review this Privacy Policy (“the Policy”) as it contains vital information regarding how we manage and protect your personal information.
Our commitment to privacy extends to every aspect of our operations, from the technology we employ to the policies we implement. We strive to ensure transparency, fairness, and accountability in our data practices. This Privacy Policy is part of our ongoing effort to uphold the highest standards of data protection and to earn your trust as a valued user of our services.
Please note that this Privacy Policy may be changed from time to time to reflect updates in our practices or changes in regulatory requirements. We encourage you to carefully review this policy periodically to stay informed about how we handle your personal information. Any third-party websites linked to or accessible through our Website are not governed by this Privacy Policy. We encourage you to review the privacy policies of such third-party sites before providing any personal information.
1. Information We Collect
1.1. Personal Information and Data Collection: We may collect personally identifiable information (PII)/ data for specified, explicit, and legitimate purposes in accordance with the General Data Protection Regulation (GDPR) such as your name, email address, phone number, postal address, job title, company name, and payment information when you interact with our Website, fill out forms, register for consultation, or use our services. We collect this PII/data with the consent of individuals or as permitted by law for contractual, legal, or legitimate business purposes.
1.2. Sensitive Information: We do not collect sensitive information such as race, ethnicity, religion, political beliefs, health information, or genetic data unless legally required or with your explicit consent.
1.3. Automatically Collected Information: When you visit our Website, we may automatically collect information about your device, browser type, IP address, pages visited, referring/exit pages, and other usage data through cookies, web beacons, and similar technologies:
1.4. Embedded content from other websites: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website. In addition, we may feature embedded content from third-party services such as Google Analytics for device type information and analysis of website usage trends. Embedded forms may request information like name, company, email, and phone number, and when users submit these forms, Sales may collect IP address information to identify repeat visitors. Additionally, we provide access to Box and Monday.com for collaborative purposes, and users are encouraged to review their respective privacy and cookie policies on Box and Monday.com to understand their data collection and protection practices.
2. How We Use Your Information
2.1. Providing Services: We use your personal information to provide you with our services, fulfill your requests, communicate with you, and deliver relevant content. We process your personal information, including registration information and associated non-disclosure information, for security reasons, plan and host expert consultations, events or webinars.
2.2. Customer Support: We may use your information to respond to your inquiries, provide technical support, and address any issues you may encounter. We may also process personal information when you fill out a “Contact Us” web form or request user support, or if you contact us by other means including but not limited to via phone.
2.3. Marketing and Communications: With your consent, we may send you promotional emails, newsletters, updates, and information about our products, services, events, and offers. We may also process your personal information to conduct market research, surveys, advertise to you, provide personalized information about us on and off our websites and to provide other personalized content based upon your activities and interests.
2.4. Analytics and Improvement: We analyze usage data and feedback to improve our Website, , security of our Website, services, customer experience, and develop new features. We also process your personal information including recording phone calls (in accordance with applicable laws) for training, quality assurance, and administration purposes. If required under applicable law, we will give you the option to object to a call being recorded.
Additionally, your personal information (including Usage Data) may be used for internal reporting and business modeling purposes (e.g., forecasting, revenue, capacity planning, product strategy).
2.5. Usage and Licensing Compliance. We process your personal information (including usage data) to assess and manage usage and licensing compliance with the applicable terms of use of our services.
2.6. Security. We process your personal information (including your Usage Data) for the purposes of maintaining our own security, including investigating, detecting and preventing suspicious activity, fraud and cybercrime that may affect us and our services.
3. Who we share your data with
3.1. Service Providers: We may share your information with trusted third-party service providers who assist us in operating our Website, conducting business activities, web-hosting, payment processing, cybersecurity services, vendors or providing any services on our behalf, and such third parties are required to adhere to data protection obligations as per GDPR.
3.2. Drummond Affiliates. With affiliates within the Drummond Group and business partners or internal business units part of our corporate group, to the extent such sharing of data is necessary to fulfill a request you have submitted via our websites or for customer support, marketing, technical operations, event registration and account management purposes.
3.3. Legal Compliance: We may disclose your information when required by law, legal processes, audits or government authorities to comply with legal obligations, enforce our policies, protect our rights, property, or safety, or investigate fraud or security issues.
3.4. Business Transfers: In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to a successor entity or third party as part of the transaction.
4. International Transfers:
As a global organization, Drummond may transfer personal information collected through our Website or other means across our group of companies worldwide to facilitate efficient business operations. This may include sharing data with third parties located in various countries, including those outside the EEA, Switzerland, and the UK. These transfers may result in personal information being stored in countries with differing privacy laws, including Europe and the USA. International data transfers outside the EU/EEA are conducted with appropriate safeguards in place, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).
We maintain and store personal information in systems and applications located in multiple jurisdictions. Access to this information is restricted to authorized personnel or vendors who are bound by privacy requirements. We only make these arrangements or transfers where we are satisfied that adequate levels of protection are in place to safeguard the information held in each country.
Please note that our website may be accessed from anywhere in the world, including countries that may not have specific laws regulating the use and transfer of personal information. By using our services or providing your personal information, you consent to the transfer and processing of your information as described in this privacy policy.
5. Retention Period
5.1. Data Retention: Drummond retains your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
5.2. Account Information: If you have an account with us, we will retain your account information as long as your account is active and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.
5.3. Marketing Preferences: If you have provided consent for receiving marketing communications, we will retain your contact information until you unsubscribe or request to be removed from our marketing lists.
5.4. Customer Support: Information collected through customer support interactions may be retained for a reasonable period to address inquiries, provide support, and improve our services.
5.5. Legal and Compliance Requirements: We may retain certain information as required by law, regulatory obligations, or legitimate business purposes, such as tax records, audit trails, and dispute resolution.
5.6. Inactive Accounts: If your account remains inactive for a specified period, we may securely delete or anonymize your personal information in accordance with our data retention policies.
5.7. Data Deletion: Upon request, we will securely delete or anonymize your personal information unless retention is necessary for legal, regulatory, or legitimate business purposes.
5.8. Data Security: During the retention period, we continue to implement appropriate security measures to protect your information from unauthorized access, disclosure, alteration, or destruction.
5.9. Review and Updates: We regularly review our data retention practices and update our retention periods as needed to ensure compliance with legal requirements and industry standards.
6. Data Security
Drummond prioritizes the security of your information and implements industry-standard security measures, including encryption, access controls, firewalls, and intrusion detection systems, to protect against unauthorized access, disclosure, alteration, or destruction. We provide regular employee training on data protection practices, minimize data collection to necessary information, ensure third-party compliance with security standards, and conduct regular monitoring, auditing, and vulnerability assessments. Data collected is processed fairly, lawfully, and transparently, and we do not process more information/data than necessary for the purposes for which it was collected. In the event of a security incident, we have established incident response protocols. While we strive to protect your data, no method of transmission or storage is 100% secure. We encourage user precautions and continually enhance our security practices.
7. Lawful Basis for Data Processing:
We process PII/data based on one or more lawful bases as defined under GDPR, including consent, contractual necessity, legal obligations, vital interests, legitimate interests, or public interest tasks. Where consent is relied upon as a lawful basis for processing, individuals have the right to withdraw consent at any time.
8. Choices About Your Information
8.1. Opt-Out: You have the right to opt-out of certain data collection and processing practices. If you no longer wish to receive promotional communications, newsletters, or marketing materials from us, you may opt-out by using the unsubscribe link provided in our communications or by contacting us using the information provided in the “Contact Us” section of this Privacy Policy.
8.2. Data Subject Rights: Individuals have the right to request access to and rectification or erasure of their PII/ personal data, restrict processing, object to processing, and data portability in accordance with GDPR. Requests to exercise data subject rights can be made by contacting us using the information provided in the “Contact Us” section of this Privacy Policy.
8.3. Cookies and Tracking Technologies: You can manage your cookie preferences and choose whether to accept cookies or disable them through your browser settings. Please note that disabling cookies may affect your experience on our website, and certain features may not function properly.
8.4. Account Information: If you have an account with us, you may update or modify your account information by logging into your account settings or by contacting us directly for assistance.
8.5. Access and Correction: You have the right to request access to your personal information and to correct any inaccuracies. If you would like to review, update, or delete your personal information, please contact us using the information provided in the “Contact Us” section of this Privacy Policy.
8.6. Do Not Track Signals: We do not currently respond to “Do Not Track” signals from web browsers. However, you can still exercise control over certain tracking mechanisms as outlined in this Privacy Policy.
8.7. California Residents’ Opt-Out Rights: If you are a California resident, you may have additional opt-out rights regarding the sale of your personal information, as outlined in the “California Privacy Rights” section 9 of this Privacy Policy.
8.8. Other Legal Rights: Depending on your jurisdiction and applicable laws, you may have additional rights regarding your personal information, such as the right to request data portability or object to certain processing activities. Please contact us for more information about your specific rights.
9. California Privacy Rights & Notice of Collection
9.1. California Residents’ Privacy Rights: If you are a California resident, you may have certain privacy rights under the California Consumer Privacy Act (CCPA) and other applicable California privacy laws. These rights may include the right to request access to your personal information, deletion of your personal information, opt-out of the sale of your personal information, and non-discrimination for exercising your privacy rights.
9.2. Notice of Collection: We collect personal information/data as described in Section 1 of this Privacy Policy. The categories of personal information collected may include identifiers such as name, email address, phone number; commercial information such as products or services purchased; internet or other electronic network activity information; and other categories of personal information described in the “Information We Collect” section of this Privacy Policy.
9.3. Purpose of Collection: We collect personal information for the purposes outlined in this Privacy Policy, including providing compliance, standards, & security expertise solution based services, communicating with you, improving our services, and marketing our products, software and services.
9.4. Data Sharing: We may share your personal information with third parties as described in section 3 and 4 of this Privacy Policy. If you prefer that we do not share your personal information with third parties for such purposes, you may opt-out by contacting us using the information provided in the “Contact Us” section of this Privacy Policy.
9.5. Sale of Personal information: We do not believe we engage in such activity and have not engaged in such activity in the past twelve months (including that we do not “sell” the personal information of minors under 16 years of age). If you are a California resident and wish to opt-out of the sale of your personal information, please refer to the “California Privacy Rights” section or contact us using the information provided in the “Contact Us” section of this Privacy Policy.
10. Children’s Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personally identifiable information from children without parental consent. If you believe we have collected information from a child, please contact us to remove the data.
11. Changes to Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or industry standards. We will notify you of any material updates by posting the revised policy on our Website or through other communication channels.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, our practices, or your personal information, please contact us at privacyoffice@drummondgroup.com
This privacy policy complies with applicable privacy laws, including but not limited to the California Online Privacy Protection Act (CalOPPA), General Data Protection Regulation (GDPR), and outlines how we collect, use, and protect your personal information.
3622 Lyckan Parkway, Suite #3003
Durham, NC 27707 USA
© 2025 Drummond Group, LLC. All rights reserved. All brand names and trademarked logos used on this website are for identification purposes only and are the property of their respective owners. Their inclusion here does not imply endorsement, sponsorship, or affiliation with Drummond. All content, including text, images, graphics, and other materials, is protected by copyright law and may not be reproduced, distributed, or transmitted without prior written permission from Drummond Group, LLC.
DISCLAIMER: The services offered by Drummond Advisory Services are separate and distinct from the Drummond Group Test Lab and Certification Body. The purpose of Drummond Advisory Services is to provide expert support and guidance for the planning, analysis, and execution of certification activities; it does not negate the steps or required actions of the certification process. Use of Drummond Advisory Services does not guarantee successful ONC Health IT testing or certification.
