Menu

CMA Global Privacy Notice

EU/UK Residents
If located in the EU or UK, please see Section 19 of this Privacy Notice.

Opt-out of Sale or Sharing
“Do Not Sell or Share My Personal Data” rights, go to Section 16.

Contact Information
For CMA contact details, go to the Contact Us information in Section 22.

Last Updated: November 30, 2025.
Effective Date: December 22, 2025

 

Contents of this Notice

  1. Introduction
  2. Our Services
  3. What is Personal Data?
  4. Data Minimization and Use
  5. When Does this Notice Apply to Your Personal Data?
  6. CMA Global Relationship with You
  7. Children and Teens Under 18
  8. Information We Collect About You and How We Collect It
  9. Sources of Data and Purpose for Use
  10. How and Why CMA Global Discloses Your Personal Data
  11. Your Choices About Collection, Use, and Disclosure of Your Personal Data
  12. What Security is in Place to Protect Against Loss, Misuse, or Alteration of Data?
  13. How Long do we Keep Your Personal Data?
  14. International Data Transfers
  15. What Else Should You Know About Your Privacy?
  16. Privacy Rights for Residents of U.S. States with Applicable Privacy Law
  17. Supplemental Notice to California Residents
  18. Supplemental Notice to Nevada Residents
  19. Your Rights in the EU and the UK
  20. Updates to this Notice
  21. Cookie Notice
  22. Contact Us

 

1. Introduction

This Privacy Notice explains how CMA Global, Inc. (Company, CMA, we, our, or us) collects, uses, and discloses Personal Data as you use or interact with our Services. This Privacy Notice also explains your privacy rights and options with regard to your Personal Data. If you have questions about our privacy practices, please feel free to get in touch with us using the contact information provided below in the Contact Us of this Notice.

2. Our Services

CMA partners with its clients (Clients) to provide leadership development, management consulting, talent assessment, talent development, and team building services, which are described and promoted on our website (the Site) as well as in other materials CMA distributes. CMA’s Site promotes our capabilities, describes our purpose, and collects limited Personal Data from users of the Site. The Site, CMA’s resources and services, including our management consulting, customer service, marketing, training, and other offerings, are CMA’s “Services”. Please keep in mind some Services mentioned specifically in this Notice may not be available at this time.

3. What is Personal Data?

In this Notice, “Personal Data,” “Data” or “Personal Information” refers to information that identifies or can reasonably be associated with or linked (directly or indirectly) to an individual. Certain laws further define Personal Data to include information that could identify or be linked to a specific household or device. Generally, (except in California, the European Union and the United Kingdon) Personal Data excludes information exchanged when a person acts within their role as an employee or representative of an organization.

Anonymous statistics or de-identified information are generally not considered Personal Data because it does not identify individuals. In addition, publicly available information is not protected as Personal Data.

4. Data Minimization and Use

CMA requires a minimal amount of Personal Data to provide our Site and most of our Services. If you choose to share more information, we will process that information in accordance with this Notice. We do not sell Personal Data and we do not share it with third parties for those parties’ own business interests.

5. When Does this Notice Apply to Your Personal Data?

Unless otherwise indicated, we follow the policies outlined in this Notice with respect to Personal Data obtained from or about individuals in the United States through our Services. In certain cases, CMA may provide different or additional notices about our Data practices. For example, if you reside in a U.S. State with a consumer privacy law, Section 16 of this Notice applies to you in addition to the rest of this Notice.

This Notice applies when CMA acts as the “Controller” of the Personal Data we collect through our Services, both online and offline (a Controller is also identified as a “business” under California law). However, it does not cover Data our Clients collect and share with us where we act a “Processor” or “Service Provider” on the Client’s behalf.

We may receive information about you from your employer or potential employer (i.e., our Client) for purposes of providing Services. For example, a Client may provide us with your contact information, including your full name and email address, so you can create a profile with CMA to complete an assessment. Any information you share in your assessment is the property of that Client and the Client controls the data you share in an assessment. Thus, this Notice does not apply to a candidate completing an assessment. Candidates who complete an assessment are governed by the Client’s privacy notice, and not by CMA’s Notice or policies.

In addition, our Site may contain links to other websites, applications, and services from third parties (YouTube, for example). We are also present on social media, and you might see content about CMA elsewhere on the Internet. Please note CMA does not own or control these third-party sites which are controlled and managed by the website owner. The privacy and data security practices of third-party sites are governed by the privacy policies of those third parties, and not by CMA.

6. CMA Global’s Relationship with You

Different categories of Data are collected and processed differently based on the relationship we have with you. The relationship we have with a Clients is different than the relationship we have with Site visitors, or the relationship we have with business partners, service providers, and employees.

A. Site Visitors, Customers, and Consumer Contacts

CMA Global acts as a Controller when you visit our public-facing Site. In addition, if you filled out the “CMA Contact Form” on the Site, communicated with us via phone, email or text or otherwise interacted directly with our Services, CMA is the Controller of the Personal Data associated with your direct interactions with us. CMA does not ultimately own or control the data provided in a candidate assessment; this information is transmitted to the Client (your employer or potential employer), who is solely responsible for its use, storage, and retention. By hosting the assessment on the CMA Global platform, CMA is solely acting in its capacity as a processor for our Client. Accordingly, questions about the use, access, or retention of assessment data should be directed to your employer or potential employer.

B. Business Contacts

If you interact with CMA or its Services on behalf of an organization, such as your employer or a business you own or manage, that organization is the Controller and CMA is generally acting as the Processor. Any Personal Data generated during these interactions is a part of your organization’s account with us and is governed by that organization’s policies, not ours. Please direct any privacy inquiries to your organization’s data protection officer or other data administrator.

However, please note that CMA Global is the Controller of Data for any non-business interactions with us, such as visits to the Site or interactions with our Services in your personal capacity as a consumer.

C. Employees, Job Applicants, and Contractors

If you are a CMA employee, completing our employee onboarding processes, job applicant, or a contractor working with us, the Data we collect from you in that capacity, including through your use of the Site or our Services, is governed by our internal privacy policies, not this Privacy Notice.

D. CMA Global is also a Processor

Where you are an employee or candidate of a CMA Client, you may not be aware they are using CMA’s Services. After you engage with a CMA Client, that Client may use our Services to process Data related to you, such as to conduct a candidate assessment. As this Notice states above, the Client is the Controller of your Data, and CMA is solely the Processor of that Data as directed by the Client to provide Services on its behalf.

7. Children and Teens Under 18

Our Services are not geared toward or intended to solicit, collect or process Personal Data from any individual under the age of 18, and we do not knowingly collect, sell, or share the Personal Data of anyone under the age of 18.  Please contact us using the information in the Contact Us section of this Notice if you believe Data regarding your child (under 13) or teen (under 18)  has been collected by us through our Services.

8. Information We Collect About You and How We Collect It

Some of the information we collect is personal to you. Other information is anonymous. To learn more about your choices for the collection, use, and disclosure of Personal Data, please see Section also applies to you.

We collect the following categories of information:

A. Identifying Information: We collect this type of Data when someone chooses to share it with us, for example:

i. During account registration, you provide your name, email address, security question answers, and a password.

ii. When you contact us by online form, email, mail, or phone, we may keep a record of the message or conversation or what was discussed, including your first and last name, the company you work for (if any), your email address, your phone number, the nature of the reason as to why you are contacting us, and any referral comments you provide.

iii. We may receive information when you post on a third-party service where we have a profile or presence, such as on social media.

iv. We collect information from other interactions you may have with us, such as when you respond to a survey, provide data to learn about our Services, or report a problem with our Services.

v. We may also collect information about the device you use to access our Services and your interactions with our Services.

B. Internet or other Network Activity Information: This type of Data is collected when you browse our Site, other websites, or open our emails. This may include technical information like your IP address, mobile network details, device ID, and details about what you viewed. We and our service providers and/or Clients may collect Personal Data in a variety of ways, including:

i. Through the tools online and on a device which allow and provide you with online access;

ii. Offline, such as when you attend one of CMA’s seminars or contact customer service;

iii. Other sources, such as public databases, joint marketing partners and other third parties.

C. Event Information: We collect information where you sign up for events, such as your contact information and mailing address, or Data you provide during a webinar, an industry event or trade show.

D. Account Credentials: We collect usernames and passwords to protect our Services and your security, to the extent permitted or required by applicable law. We do not use this Data for the purpose of inferring characteristics about you.

E. Demographic Information: We collect demographic information when you participate in a survey. For instance, we might ask about gender, zip code, or other details.

F. Location Information: We can generally detect where the Site is accessed from based on an IP address, which gives us a general idea of device or network location, like country, city, or zip code. We may also collect location information such as zip code from you directly.

G. Personal Data You Disclose Relating to Others: If you disclose Personal Data relating to other people to us or to our service providers in connection with the Services, you represent you have the authority to do so and to permit us to use that Data in accordance with this Privacy Notice.

9. Sources of Data and Purpose for Use

This section outlines the sources and purposes for collecting the categories of Personal Data described in Section also applies to you.

A. Overview of our Data Sources

We collect Data from a variety of sources, including but not limited to:                                                                                                                                       

i. Directly: from the person who is the subject of the Personal Data.

ii. Indirectly: from service providers, publicly available sources (voting records, business information, or social media), third-party advertisers, corporate affiliates, Clients, and interactions related to us on third-party services where we have a profile or a presence.

iii. Automatically: (directly or indirectly) from the device used when you visit the Site, your network, or from cookies and other online technologies.

B. Overview of our Data Use

Our main goal in collecting data is to provide and improve our Services, so we are able to provide you with the best possible experience. The information we collect helps us provide you with an easy to use and readily available forum, allowing us to tailor our Services and better reach potential Clients.

We use Personal Data for certain purposes, including the following:

i. Product and Services Fulfillment

a. Communicate about the Services, or experience and feedback related to the Services;
b. Set up and support a candidate account;
c. Enhance our products and Services;
d. Provide thought leadership best tailored to your organization.

ii. Internal Operations

a. Make our Services better;
b. Strategize to plan Site content; and
c. Improve the effectiveness of our systems, and Services.

iii. Security, compliance, legal obligations and fraud prevention

a. Detect, investigate and prevent activities that may be illegal or violate our policies;
b. Protect our assets (on and offline) and prevent fraudulent activities;
c. Validate credentials and authenticate user logins;
d. Protect the security and integrity of our Services and our data; and
e. Assist law enforcement and respond to legal/regulatory inquiries, if necessary.

iv. Anonymized or De-Identified Uses

a. To the extent we anonymize or de-identify Data, we will not attempt to re-identify it.

C. Information You Provided Directly to CMA Global

The Data mentioned above is generally collected directly from the individuals the information is about. For example, the information you share with us via email, during phone calls, in your account or profile details or when you sign up for our emails. If we request and collect the requested Personal Data, the purpose for doing so will be explained at the time of request unless it is obvious from the context.

If you do not want to share your information, you can choose not to participate in a particular Service or activity.

D. Information from Your Device

We and third parties we hire to provide services—such as Site hosting, management, and development; web form and Site content management; Site security services; embedded content hosting; and marketing, may automatically collect data from your device when you use our Services. Data protection laws in some jurisdictions may consider this data Personal Data.

Collecting this type of information provides us a better understanding of visitors who come to our Site and what Site content interests them. This data is used for CMA internal purposes, to improve quality and relevant Services to our Clients and Site visitors, and to enhance the security of our Services by detecting and preventing fraud, security threats, or other illegal or suspicious behavior.

i. Social Networking Plugins and Platforms

When you use social networking platforms (YouTube, LinkedIn, Instagram, etc.) and plugins (such as the “share,” “pin,” and “like” buttons) on our Services, certain Data for that platform may be shared with us. By using these platforms and plugins, you are sharing your Data with that platform, and it will be their privacy notice which governs their use or disclosure of that Data. Additionally, they may collect information about your activity across the internet,  tracking your activity across multiple websites to deliver targeted advertising to you.  Please note that those third-party privacy notices apply to that tracking activity by those entities, and we encourage you to read them.

ii. Google Analytics

Google, Inc. utilizes Data collected by Google Analytics tools operating on our Site to identify and examine how our Site is used, create reports on Site activities, and share those reports with us for our purposes. The data Google, Inc. obtains from our Site does not identify you to CMA. Please note Google, Inc., may seek to contextualize and personalize ads for its own advertising network to serve ads to you based on your other activity on the Internet. Google’s privacy notice will apply to that activity, and we encourage you to read it.

10. How and Why CMA Global Discloses Your Personal Data

This section describes when and to whom we disclose the categories of Personal Data described in this Notice. Generally, CMA does not disclose Personal Data to third parties. However we may, in the limited circumstances described below, disclose (or permit others to directly collect) information about you. Here are some of the ways your Data may be shared:

A. With Your Consent.

B. To Fulfill the Purpose for Which You Provide the Data.

C. For Any Purpose Disclosed by Us in this Notice or when You Provide the Data.

D. Data in the Aggregate. 

We may disclose “blinded” aggregated data and user statistics without restriction. Blinded data is data that does not identify an individual.

E. To Clients

As described in this Notice, the data you share in an assessment is shared with our Client (your employer or potential employer) and the Client maintains this data. If you have concerns or questions with regard to such assessment data, you must contact the Client.

F. No Tracking for Target Advertising

CMA Global does not track Site users across third-party websites to provide targeted advertising. Accordingly, we do not currently respond or take action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to restrict collection of their online activities over time and across third-party websites or online services. To learn more about your Data choices, please see Section 11 of this Notice. Additionally, if you reside in a U.S. State with a consumer privacy policy law, Section 16 also applies to you. 

G. In Special Cases

CMA and our service providers may disclose, access, or monitor Personal Data in special cases, such as the following:

i. When we believe we must disclose Data to identify, contact or bring legal action against someone who may be causing injury to or interference with our rights or property, other Site visitors or customers and their Data, or anyone else who may be harmed by such activities.

ii. When we believe in good faith that the law requires it.

iii. For administrative and purposes we deem necessary to maintain, service, and improve our Services and security. This includes third-party partners and service providers we use to enable detection of devices connected with fraud and other security vulnerabilities, prevent fraud, security threats and illegal or malicious behavior, and enhance our security on the Internet.

iv. In the event CMA buys or sells businesses or assets, in those transactions, confidential customer Data generally is one of the transferred business assets. Where a transaction involves the sale of some or all of CMA’s businesses, Client and Site visitor Data may be a transferred asset and disclosed in connection with a proposed transaction. In such a case, the transferred Data may become subject to a different privacy notice.

11. Your Choice About Collection, Use, and Disclosure of Your Personal Data

This section provides information about your choices for the collection, use, and disclosure of your Personal Information. If you reside in a U.S. State with a consumer privacy law that applies to you and to us, Section 16 below provides additional information about your choices, including how to exercise your privacy rights.

A. Managing your Data Preferences with Us

i. Revoking Consent. If we are collecting, using, or disclosing Personal Data with your consent, you can withdraw consent to future use of your Personal Data at any time by contacting us using one of the contact methods in the Contact Us section below. Withdrawing consent will not affect processing that occurred before withdrawal, nor use of Data on grounds other than consent, for example when we use cookies to present Site content, log you into the Site, or for security purposes.  

ii. Account Information. You can directly manage certain data stored within your account by logging in and viewing, changing, or deleting that information, or you can contact your employer or potential employer (CMA’s Client) to change your account information and password.

iii. Information Associated with an Email Address. To manage the Data associated with your email address in our systems, please contact us using a contact method in the Contact Us of this Notice.

iv. General. If you believe inaccurate or inappropriate information has been obtained or provided through your use of our Services, please contact a representative of CMA using one of the contact methods in the Contact Us of this Notice.

B. Automatic Browser Signals to Communicate User Preferences

i. The Global Privacy Control Browser Opt-Out Preference Signal

The Global Privacy Control (GPC) is an option you can configure in your browser’s settings (or by downloading a browser extension, for certain browsers) to signal to websites that you want to limit Data sharing as much as possible. Our Site does not recognize the GPC signal, as there is no sale or tracking activity of Personal Data to block, and thus no purpose for implementing GPC settings on our Site.

Visit https://globalprivacycontrol.org/ for the latest information on how to enable GPC in participating browsers, including instructions on downloading and setting up any browser extensions, if necessary.

ii. Do Not Track Codes

Some web browsers offer a “do not track” (DNT) privacy preference setting. Our Site does not support DNT codes because our Services do not deploy technology that enables cross-site tracking. When you turn on DNT settings in your browser, your browser will send a signal to websites, analytics companies, ad networks, and other web services integrated across the Internet (such as buttons, widgets, and other embedded content) requesting those tools to stop tracking and sharing of your activity. Web browsers supporting DNT provide instructions on how to enable it. Search for instructions in your browser’s help section.

iii. User-Provided Age Flags

Our Site does not recognize signals transmitted by a user indicating the consumer is less than 18 years of age. If we receive such a signal from a Site visitor, we will treat that visitor as though they are 18.

12. What Security is in Place to Protect Against Loss, Misuse or Alteration of Data? 

Because information sent through the Internet travels from computer to computer throughout the world, information you provide may be sent to servers outside of the country where you originally entered the information. While no data transmission over the Internet can be guaranteed to be 100% secure, our Site uses encryption to protect Personal Data we process. You can identify TLS in use on a page within our Site by the padlock symbol 🔒 or “https” in the URL.

Information you disclose while using our Services, such as by posting a public review or using e-mail, may potentially be collected and used by others. This may result in unsolicited messages from third parties or misuse of your information for various purposes, legal or illegal. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any information you transmit to us or from our Services, and you do so at your own risk. If we receive a nonpublic transmission from you, we use commercially reasonable efforts to ensure its security on our systems. We endeavor to limit access to Personal Data to those who reasonably need it to provide and improve our Services and process your information appropriately.

13. How Long do we Keep Your Personal Data?

We store Personal Data for as long as necessary to carry out the purposes for which we originally collected it or as long as required by applicable law. The length of time we retain Personal Data will be determined based upon criteria such as: the length of time the Data remains relevant; the length of time it is reasonable to keep records to demonstrate we have fulfilled our duties and obligations; any limitation periods within which claims might be made; any retention periods prescribed by law or recommended by regulators; or the type of contract we have with you, the existence of your consent, and our legitimate interest or business need in keeping such data (for example, to provide a Service you requested or to comply with applicable legal or accounting requirements).

When we have no ongoing legitimate business need to process your Personal Data in accordance with our Data retention policies, we will either delete or anonymize it or, if this is not possible, we will securely store the Data and isolate it from further processing until deletion is possible.

14. International Data Transfers

Your Personal Data may be transferred to, and processed in, countries other than the country in which you are a resident. These countries may have Data protection laws that are different from the laws of your country and, in some cases, may not be as protective. Our Site users are located in various countries worldwide, and our service providers and partners operate around the world, which means we may process Data in these countries. CMA Global has and continues to take appropriate safeguards to protect Personal Data according to applicable law.

15. What Else Should You Know About Your Privacy?

Please keep in mind that whenever you voluntarily disclose information online, that information is accessible to others. Ultimately, you are solely responsible for maintaining the secrecy of your passwords and/or any account information. Please be careful and responsible whenever you are online.

16. Privacy Rights for Residents of U.S. States with Applicable Privacy Law

A. U.S. States Privacy Laws

Residents of certain U.S. states may have rights (now or in the future) under privacy laws in effect in their state, such as under the California Consumer Privacy Act (CCPA), Colorado Privacy Act, Connecticut Data Privacy Act, Delaware Personal Data Privacy Act, Indiana Consumer Data Protection Act, Iowa Consumer Data Protection Act, Kentucky Consumer Data Protection Act, Maryland Online Data Privacy Act, Minnesota Consumer Data Privacy Act, Montana Consumer Data Privacy Act, Nebraska Data Privacy Act, New Hampshire Privacy Act, New Jersey Data Privacy Act, Oregon Consumer Privacy Act, Rhode Island Data Transparency and Privacy Protection Act, Tennessee Information Protection Act, Texas Data Privacy and Security Act, Utah Consumer Privacy Act, Virginia Consumer Data Privacy Act, and any other U.S. privacy law and implementing regulations (collectively, State Privacy Laws). Some of these laws may not take effect until a future date.

While consumers may be covered by an applicable State Privacy Law, some of the State Privacy Laws may not apply to CMA due to the scope of our business and limited interactions with consumer residents in certain states. We will adhere to the privacy rights below to the extent they apply to you and to CMA.

In general, the State Privacy Laws provide (now or in the future) consumer state residents with rights to:

  • Confirm whether we process their Personal Data and access it (the Right to Know).
  • Delete certain Personal Data.
  • Correct inaccuracies in their Personal Data, taking into account the nature of the information and the Controller’s processing purpose (excluding Iowa and Utah).
  • Obtain a Copy of their Personal Data (the Right of Data Portability).
  • Opt-out of Personal Data processing for:
    • targeted advertising (excluding Iowa);
    • sales; or
    • profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
  • Provide consent prior to, or to limit (opt-out) the processing of sensitive Personal Data.
  • Certain rights to question profiling or automated decisions having legal or similarly significant effects (Minnesota only).

Some State Privacy Laws provide additional rights related to processing of sensitive data or the use of automated technologies to make important decisions affecting the rights of the individual. Since CMA does not engage in these activities, those rights are not covered in this Notice.

The exact scope of these rights vary by state, may change, and new privacy rights may become applicable as State Privacy Laws and implementing regulations are passed or amended. CMA is working to maintain this Privacy Notice with accurate and relevant information about consumer rights and each State Privacy Law as they are passed and amended, and as guidance is issued by each state. Please check this section of our Privacy Notice for periodic updates, as we may update it to address new laws as appropriate.

B. Privacy Rights for Employees of our Business Contacts

The State Privacy Laws apply to U.S. consumers who are natural persons acting in their personal or household capacities. The State Privacy Laws (other than the CCPA, for California residents), do not cover Personal Data collected in the business-to-business (B2B), workforce, or employment contexts. This means that if you interact with CMA as a contractor, employee, or business representative of your organization, Data we collect or process from those interactions is generally not tied to Personal Data rights under State Privacy Laws (except for the CCPA). We may not process privacy requests in cases where such exceptions apply.

 To make inquiries or exercise rights in Personal Data based on your interactions with CMA in your personal capacity, such as personal purchases, inquiries, or visits to the Site, you can contact us directly using one of the methods in the Contact Us section of this Notice.

C. Our Collection, Use, and Disclosure of Personal Data

As noted above, we collect certain Data fields that identifies, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular consumer. Personal Data, however, does not include the following:

i. Publicly available information.

ii. De-identified or aggregated consumer information.

iii. Information excluded from most State Privacy Laws’ scope, such as:

a) health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data;
b) personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994;
c) data collected in the business-to-business (B2B) context (except for California consumers, as defined under the CCPA); and
d) data collected in the employment context (except for California consumers, as defined under the CCPA).

Following is a table detailing our Data practices over the last twelve (12) months:

Identifiers (name, alias, postal address, unique personal identifier, online identifier, IP address, email address, account name, social security number, driver’s license number, passport number, or similar identifiers)

D. Right to Know and Daa Portability

If you are protected by an applicable State Privacy Law, you have the right to request access and disclosure of certain information about our collection and use of your Personal Data as well as to have a copy of that Data (collectively referred to here as the right to know). Once we receive a request and confirm the identity of the requestor and the Data subject (see Section ), we will disclose the following information, per the request

i. The categories of Personal Data we collected about you.
ii. The categories of Personal Data we are processing, or have processed.
iii. The categories of sources for the Personal Data we collected about you.
iv. Our business or commercial purpose for collecting, selling, or sharing the Personal Data.
v. A list of the categories of third parties with whom we have shared your Personal Data, if any, and the categories of Personal Data shared with each category of third parties.
vi. A list of the categories of Personal Data we disclosed about you for a business purpose, if any, identifying the categories of persons or recipients that obtained each category of Personal Data.
vii. A copy (if requested) of the specific pieces of Personal Data collected and maintained in a commonly used electronic format.

If you are protected by the Oregon Consumer Privacy Act or the Minnesota Consumer Data Privacy Act, you have additional rights to obtain a list of the specific third parties to which we have disclosed your Personal Data. Should you wish to obtain a copy of this information, please indicate you are an Oregon or Minnesota resident when you submit your request.

E. Right to Delete and Correct

If you are protected by an applicable State Privacy Law, you may have the right to request that we delete the Personal Data collected or maintained about you, and to correct inaccuracies in the Data, which may be subject to certain exceptions (collectively referred to here as the right to delete). Once we receive a request and confirm the identity of the requestor and the Data subject (see Section 16.F below ) we will review the request to see if an exception allowing or requiring us to retain the Data applies. We may deny a deletion request if retaining the information is necessary for us or our service provider(s) to:

i. Complete the transaction for which we collected the Data, provide a requested good or Service, take actions reasonably anticipated within the context of our ongoing business relationship with the consumer, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with any consumer.
ii. Detect security incidents; protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for such activities.
iii. Debug the Services to identify and repair errors that may impair intended functionality.
iv. Exercise free speech, ensure the right of a consumer to exercise their free speech rights, or exercise another right provided for by law.
v. Comply with applicable state law, including the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
vi. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if informed consent was previously provided.
vii. Comply with a legal obligation.
viii. Other purposes as permitted under State Privacy Law.

Upon receipt of a verifiable request, we will delete or de-identify and/or correct Personal Data not subject to an exception from our records and will direct our service providers to take similar action.

F. Exercising Your Rights to Know or Delete 

To exercise the rights to know or delete described above, please submit a request using one of the methods in the Contact Us section of this Notice.

Only you, or someone legally authorized to act on your behalf, may make a request to know or delete information related to your Personal Data. You may only submit a request to know twice within a twelve (12) month period. Your request to know or delete must:

i. Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or their authorized representative; and
ii. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Verifying Requests. We cannot respond to your request or provide you with Personal Data unless we verify your identity or authority to make the request and confirm the Data relates to you. To protect your privacy and maintain security, we will take steps to verify your identity before complying with requests. For example, for requests to know and delete, we will attempt to match your identity to Data in our records. If needed, we may ask for additional information. The Data you provide will be used solely for identity or verification purposes.

Authorized Agents. You may designate an authorized agent to make a request on your behalf, but they must submit proof of authorization. We may deny requests if proof is inadequate. We will not process privacy requests from third-party services that haven’t passed our verification process. Often these services request that we use hyperlinks, which CMA Global will not engage due to security concerns. Further, such services are susceptible to spoofing and phishing attacks. One of our highest priorities is to safely and securely maintain our data. If an applicable State Privacy Law allows third-party agents for privacy requests, they must contact us directly using the information in the Contact Us section of this Notice.

Responses to Requests. We endeavor to respond to requests within 45 days. If more time is needed (up to 90 days), we will provide written notice of the reason for extension. Responses will be delivered by mail or electronically and if we cannot comply with a request, we will explain why in our response. For Data portability requests, we will use a readily usable electronic format to provide your Data to you.

We may charge a fee if we find requests to be excessive, repetitive, or unfounded. If a fee is warranted, we will note why and provide a cost estimate before completing the request.

G. Right to Opt-Out of Automated Profiling Resulting in Legal or Similarly Significant Effects

Consumer residents of certain states have the right to opt-out of automated processing of their Personal Data for certain purposes such as  evaluating, analyzing, or predicting personal aspects related to an individual’s economic situation, health, health records (Indiana), personal preferences, interests, demographic characteristics (Delaware and Maryland), reliability, behavior, location, or movements, which is known as “profiling.” This right applies when profiling is done in furtherance of a decision—or, in some states, an automated decision— that results in the provision or denial of financial or lending services, housing, insurance, education enrollment, or, in some states, education opportunities, criminal justice, employment opportunities, health-care services, or, in some states, access to essential goods or services, and in other states, access to basic necessities such as food or water.

We do not make decisions based on algorithms or automated processing that may significantly affect you. 

H. Do Not Sell or Share My Personal Data – Opt-Out Rights

Your State Privacy Law may provide the right to Opt-Out of the Sale or Sharing of your Personal Data, and the right to Opt-Out of use of Personal Data for targeted advertising or Cross-Context Behavioral Advertising.

We do not sell Personal Data and we do not share Personal Data with third parties for their own business interests, to monitor activity across the internet, or to target you with ads. Since we do not sell or track Personal Data, our Site does not need nor offer preferences tools or recognize GPC or other opt-out preference signals.

Note we do disclose some Personal Data to service providers to support our Services and operations as a business (e.g. to process payments, to manage the Site, or to host and process data necessary to our Services). We may also use Data to detect, prevent, or investigate security incidents, fraud, or misuse of our Services. We provide information about our disclosure and use of Personal Data above in Section 16.C.

We generally do not collect information that is considered “sensitive” under State Privacy Laws. In the limited circumstances we do, such as collection of an account username and password (considered “sensitive” under CCPA), we do not use or disclose sensitive Personal Data for the purpose of inferring characteristics about you, and we do not sell or share it as defined by the CCPA.

I. Right to Non-Discrimination and No Retaliation

The State Privacy Laws provide consumers the right not be discriminated against for opting out or exercising privacy rights conferred by applicable State Privacy Laws. Unless permitted by applicable State Privacy Laws, we will not:

i. Deny goods or Services;
ii. Charge different prices or rates for goods or Services, including through discounts or imposing penalties;
iii. Provide a different level or quality of goods or Services; or
iv. Suggest you may receive a different price or rate or a different level or quality of goods or Services.

We may offer certain financial incentives permitted by applicable privacy laws that may result in different prices, rates, or quality levels. Any legally permitted financial incentive we offer will reasonably relate to the value of the Personal Data and contain written terms describing the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

17. Supplemental Notice to California Residents

California Civil Code Section 1798.83 permits individuals who are California residents that have a business relationship with us to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to or write us using the contact information in the Contact Us section of this Notice. Make sure to state that you are a California resident.

18. Supplemental Notice to Nevada Residents 

Nevada Rev. Stat. § 603A.345, permits consumers in Nevada to opt out of the sale of certain kinds of Personal Data. A sale under Nevada law is the transfer of this Personal Data to third parties for monetary consideration so these third parties can then resell or license the sold Data. We do not sell your Personal Data to third parties as defined in Nevada law.

19. Your Rights in the EU and the UK

If you are a European Union or United Kingdom (UK) resident, the GDPR and the UK GDPR may provide you with additional rights regarding our use of your Personal Data (collectively, GDPR rights). This section describes additional information concerning your GDPR rights not otherwise addressed by this Notice.

We and our third-party service providers or partners may collect certain information automatically from your device when you visit our Site or use Services we provide. In some countries, including countries in the European Economic Area and the United Kingdom, this information may be considered Personal Data under applicable data protection laws.

A. GDPR Principles. We are committed to following the GDPR principles for Personal Data processing.

i. Lawfulness, fairness, and transparency. We will process Personal Data in such a manner as would reasonably be expected and will be transparent in its processing.
ii. Purpose limitation: We will process Personal Data for the specific purpose it was collected.
iii. Data minimization: We do not collect or process more Personal Data than reasonably required.
iv. Accuracy: We will take reasonable steps to confirm the Personal Data held is adequate and accurate.
v. Storage limitation: We will not store Personal Data for longer than necessary or required.
vi. Integrity and confidentiality: We will take reasonable steps to protect the integrity, security and confidentiality of the Personal Data we hold.

B. Legal Basis for Processing. We will process Personal Data where we have a legal basis for doing so, which may include the following:

i. Consent: the data subject has consented to the use of their Personal Data.
ii. Contract: processing of Personal Data is necessary to fulfill a contractual obligation.
iii. Legal obligation: A legal, regulatory, or judicial process requires processing of such Personal Data.
iv. Vital interests: Someone’s life, health or security depends on the processing of such Personal Data.
v. Public task: The processing of such Personal Data is necessary to carry out a task in the public interest.
vi. Legitimate interests: processing Personal Data serves a legitimate interest, as determined by an appropriate assessment, such as the improvement of our Services or operations.

C. Exercising GDPR Rights. We do not generally collect Personal Data directly from consumers. Data is typically collected in our role as a “Processor” to our business customers who are “Controllers” for purposes of the GDPR. We process Personal Data to fulfil our contract with the Controller, which is our legal basis for processing. In that case, your Personal Data is controlled by the Controller and if you wish to exercise your rights under the GDPR, you need to make a request to the Controller under their privacy policy. As a Processor, we will assist the Controller in complying with your request. If you believe that we have collected your Data directly in our capacity as a Controller, you may exercise GDPR rights concerning the accessing, managing, rectifying, erasing, etc., of personal data, by contacting us using the information in the Contact Us section below. Please note the rights identified in this Section 19 of this Notice are supplemental to the information otherwise generally provided and applicable to the relevant Data Subject in this Notice.

20. Updates to this Notice

We may change this Privacy Notice from time to time so please check back often. If we make changes, we will notify you by updating the Effective and Last Updated dates at the top of this Notice. If we significantly change our collection, use, or disclosure practices, we may provide additional notice such as by adding a statement to our home page, by sending you a notification, or sending an email if you have provided us with an email address. Please note that some of the Services mentioned specifically in this Notice may not be immediately available on the Site at this time.

21. Cookie Notice Section

A. The Cookie Notice

This Cookie Notice is part of our Privacy Notice and provides you with information about the cookies and other technologies we use and our purposes for using them.

Like most other websites, our Site uses cookies in combination with other code such as pixels, scripts, tags, and beacons (collectively referred to as cookies in this Notice) to distinguish you from other users of our Site. You can find out more about the different types of cookies used on our Site below. Please be aware that refusing certain types of cookies may impact your experience of our Site. You can change your preferences at any time by contacting us as noted in the contact methods of below.

What is a Cookie?

We use the term “cookie” to refer to a variety of technologies including web beacons and scripts in this Notice. To provide some additional clarity, following below is additional information about these technologies and how we might use them:

Cookies. A cookie is a small file of letters and numbers a website asks your browser to store on your device hard drive. Cookies may enable a company to identify your browser as a unique user. Cookies may also transmit information from us to you and from you to us.  Cookies set by CMA are called “first-party cookies”; we may also use third-party cookies, which are cookies set by a domain other than the current site you are visiting (typically placed by service providers). You can use www.whoishostingthis.com to identify a website’s hosting provider which may help you understand the cookies running on that site.

Web Beacons. We may employ technology referred to as a clear GIF (Graphics Interchange Format), also known as a pixel tag or web beacon. A clear GIF is a line of code placed on a website or in e-mails which allows the website owner to analyze advertising and the general usage patterns of visitors to a website. If used, they may help better manage content on a website by informing the owner about what content is effective.

Log Files. Most standard website servers use log files. Log files track Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. We may utilize this information to analyze trends, administer the Site, prevent fraud, track Site navigation in the aggregate, and gather broad demographic information for aggregate use.

B. Your Choices Regarding Cookies

i. Browser Settings

a) Automatic Browser Signals

Please visit Section 11 to learn about how our site interacts with automatic browser signals from Site visitors. 

b) Additional Browser Settings

Your browser may offer additional settings. Internet browser cookie settings are usually found in the “settings,” “preferences,” or “options” menu of your browser. To understand more about these settings, the following links may be helpful. You can also use the “Help” option in your browser for more details.

ii. Setting your Browser to Limit the Data Google and Google Analytics Collect

You can prevent or limit Google, Inc. from accessing future Data about your use of our Site by downloading and installing the Google Analytics opt-out browser add-on as instructed here: https://tools.google.com/dlpage/gaoptout. This link provides instructions for installing an opt-out extension to your browser. When correctly installed and active, the opt-out extension is said to prevent Google from receiving Data about your activity generated by Google Analytics tools. CMA may still receive information about the use of our Site and use it for operational purposes.

For information on how Google Analytics uses Data, please visit “How Google uses information from sites or apps that use our services,” located at https://policies.google.com/technologies/partner-sites. You may view Google’s privacy policy here: https://policies.google.com/privacy?hl=en.

iii. Industry Programs for Controlling Interest-Based Advertising

You can also take advantage of industry-sponsored programs to better manage how some companies advertise to you online, including but not limited to the following resources:

These tools will only opt you out from receiving interest-based ads from entities that have chosen to participate in these industry-sponsored Opt-Out programs, and only for the specific browser or device you have configured. You may still receive interest-based ads on other devices and browsers. You must perform an opt-out selection for each browser and device you use. Note, these tools will not opt you out of non-Targeted advertising.

iv. Service-Specific Information on Cookies and Online Advertising Choices

You may also opt-out of information sharing from third-party websites using information in their privacy policies. We have provided informational links for some common services below. Please note these links often change, and you may need to contact the entity itself to access to these opt-out controls:

C. How Long Do Cookies Last?

Except for Strictly Necessary cookies, the cookies we run on our Site will expire as follows:

  • Session cookies: These allow website operators to follow a user’s actions through a browser session. A browser session begins when a user opens the browser window and ends when the browser window is closed. Session cookies are temporary. Once the browser is closed, all session cookies are deleted. We may use a session cookie, for example, to remember that you have already navigated through a particular menu.
  • Persistent cookies: These remain on a visitor’s device for a time period set by the cookie. They are activated each time a user visits the site that created that cookie. We may also use “analytics cookies” that allow analytics services to recognize your browser or device and, for example, identify whether you have visited our Site before, what you have viewed or clicked on, and how you found us. This information is provided anonymously for statistical analysis only. Analytics cookies are usually persistent cookies.

D. What Cookies Does CMA Use & Why

The cookies used on our Site are categorized as follows:

  • Strictly Necessary
  • Functional
  • Analytics

i. Strictly Necessary Cookies 

These cookies are necessary for the Site to function and cannot be switched off in our systems. They allow you to move around the Site and use essential features. Without these cookies, we cannot provide the requested Services.

We use Strictly Necessary Cookies for purposes such as:

  • Distinguishing humans from bots;
  • Presenting Site content;
  • Enabling transactions;
  • Identifying and/or authenticating a user as logged into the Site;
  • Ensuring a user connects to the right service if a change is made;
  • Detecting spam, fraud, and abuse; and
  • Security purposes.

You can set your browser to block or alert you about these cookies. However, if they are blocked, CMA cannot guarantee performance of the Site or security during a visit.

ii. Functional Cookies 

Functional cookies are used to enable enhanced functionality and personalization. Such cookies may be set by third-party providers whose services are added to our Site, such as embedded content on our site. Although important, these cookies are not required for your use of the Site. Without these cookies, certain functionality may become unavailable.

We use Functional Cookies for purposes such as to:

  • Apply your preferred settings

iii. Analytics Cookies

Analytics cookies collect data about how someone uses our Site, such as pages visited and errors experienced during a visit. Analytics cookies typically do not collect information specifically identifying an individual and are used to improve the Site, understand the interests of the users, and measure the effectiveness of content.

We use Analytics cookies for purposes such as to:

  • Provide anonymous statistics on how the Site is used;
  • Understand how users reach our Site;
  • Identify user-specific browsing and session details;
  • Recognize users in a browsing session; and
  • Improve the Site by measuring errors.

If you do not allow these cookies, we will not know when you have visited our Site nor will we know if there are errors in performance. Some analytics cookies are managed by third parties, such as Google Analytics.

22. Contact Us

If you need further assistance, have questions about our privacy practices, or if you would like to exercise your privacy rights, please contact us using one of the methods below:

Phone:  1.800.459.4548

Email:  info@cmaconsult.com

Submit a request: Through the TLS encrypted web form available here.

Write us at:

CMA Global
222 S. Central Ave, Suite # 900
Saint Louis, MO 63105

 

If you wish to appeal a denial or limitation of your privacy rights request, you may email us at info@cmaconsult.com.

Are you located in the EU or UK? Please click here to view the section of this Notice specific to GDPR residents.

Privacy Policy
Privacy Policy
Terms of Use
Terms of Use

St. Louis Headquarters Office
222 S. Central Ave, Suite # 900
Saint Louis, MO 63105

314.721.1860 | 1.800.459.4548

Denver Office

3900 E. Mexico Ave, Suite #850
Denver, CO 80210

720.773.1860

Kansas City Office
800 W 47th Street, Suite #716
Kansas City, MO 64112

816-945-9901

Privacy Policy

Saint Louis, MO / Denver, CO
Evansville, IN / Kansas City, MO

career opportunities

All Content © 2026 CMA. All Rights Reserved.