Privacy Policy


The Castle Group (TCG) provides Public Relations, Crisis Management, and Event Management services for many clients in diverse industries from biotech to healthcare to education. This Privacy Policy is intended to ensure necessary protections are in place for the safeguarding of employee, contract, and client personal information and personal data.

On May 25, 2018, the European Union General Data Protection Regulation (GDPR) took effect. TCG has updated our privacy policy to reflect what we collect, how we collect and how we use your personal information in accordance with GDPR and what rights you have to control the use of your personal information.

By using the TCG services or website, you consent to the data we collect and how we use and share it in accordance with this Privacy Policy. If you do not agree with the data we collect and how we use and share it, you should not use our services or website.

Protecting Personal Information

You voluntarily provide us with data, including data that can be used to identify, either directly or indirectly, when you purchase or use our services and access our website.

Definition of Personal Information or Personal Data (PI)

For purposes of this privacy policy TCG has defined PI as:

An individual’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to the individual:

  • Social Security Number
  • Driver’s license number
  • State or Federal government issued identification card number including Military ID or Passport number
  • Financial account number, including any credit card number, with or without any PIN, code or security information that would permit access to the individual’s account

Any information which is lawfully obtained from publicly available information, or from federal, state, or local government records lawfully made available to the general public is not considered PI.

For purposes of GDPR, if you provide your name, address, email, telephone number, username, password, IP address, credit card, debit card, banking or other payment information, or any other information you share with TCG, directly or indirectly, through your use of TCG services or website, you are providing PI.

Use of Personal Information

TCG handles Personal Information (PI) in the conduct of its business operations for many different reasons. Here is how TCG may handle PI:

  1. We keep employment records including payroll, retirement plan, tax records and health insurance and other benefits information for our employees.
  2. Some clients may provide credit card information for payments.
  3. We may have access to the PI of our client’s employees, partners, or associates in the delivery of our crisis management or event management services.
  4. With your consent, we may send you our newsletter and other marketing materials.
  5. With your consent, where the processing is necessary for the performance of a contract, such as to facilitate providing to you our PR or event management services, we may use your PI.
  6. Where necessary to comply with applicable law, court orders, governmental agencies, for the administration of justice, to protect vital interests, to protect the security or integrity of our databases, services, or website, or to take precautions against legal liability, we may use your PI.
  7. Where the processing is necessary for the purposes of our legitimate business interests, taking into account individual interests. Our legitimate business interests include providing the PR and event management services, internal record-keeping and administrative purposes and to operate, maintain and improve our website.

We do not and will not rent, sell or transfer your PI to vendors or third parties for marketing purposes. We may retain data, including PI, for as long as necessary to deliver our services or as needed for other lawful purposes.

Your Rights

Subject to applicable data protection laws, you have the following rights with respect to TCG’s handling of Personal Information:

  • Access. The right to access your PI held by TCG.
  • Opt-Out. The right to object to certain processing of PI (unless TCG has overriding compelling grounds to continue processing), including the right to opt-out of receiving direct marketing. We will, however, continue to use PI for the limited purpose of communicating important notices relating to changes to services, and other reasons permitted by law.
  • Rectification. The right to request correction of PI that is incomplete, incorrect, unnecessary or outdated.
  • Right to be Forgotten. The right to request erasure of all PI that is incomplete, incorrect, unnecessary or outdated within a reasonable period of time. TCG will do everything reasonably possible to erase PI if a user or client so requests. However, TCG will not be able to erase all PI if it is technically impossible due to limitations of existing technology or for legal reasons, such as TCG is mandated by applicable law to retain PI.
  • Restriction of Processing. The right to request restriction of processing PI for certain reasons, such as the inaccuracy of PI.
  • Data Portability. If requested, TCG will provide PI in a structured, secure, commonly used and machine-readable format.
  • Right to Withdraw Consent. If PI is processed solely based on consent, and not based on any other legal basis, users and clients can withdraw consent at any time.

To exercise any of the above listed rights, email TCG’s Information Security Manager at, contact TCG customer support at (617) 337-9525, or mail The Castle Group, Inc., 38 Third Avenue, Charlestown, MA 02129, Attn: Privacy. TCG will process requests in accordance with applicable law and within a reasonable period of time.