Last modified: February 2, 2021
Protecting the confidentiality and security of personal information is integral to the way in which Ethos Impact Inc. and its affiliates ("Ethos", “us” or “we”) conduct business worldwide.
Generally, Ethos is the “controller” of any personal information that you provide to us and this Privacy Notice is intended to cover certain notice requirements when we determine the purpose and means of processing such personal information in the regions in which we operate. Where additional provisions required by local legislation apply, we have addressed those provisions in separate expanders below.
This Privacy Notice and other legal notices listed on this website (www.ethosesg.com) (together, with all sub-domains and other websites that we own or operate, "Website"), explain our collection, use and disclosure of personal information collected in the course of our business activities.
This Privacy Notice does not apply to information collected, stored, shared, or distributed by third-party sites. This Privacy Notice does not apply to our employees, who are covered by our internal notices, policies and procedures.
Please read this Privacy Notice carefully. The summary immediately below describes only highlights, and we encourage you to read this Privacy Notice completely.
Ethos' main clients and prospects are companies. Ethos' vendors, service providers and consultants (together, “Vendors”) are typically companies but on occasion may be individuals.
We process personal information that comes from three sources: information you provide, information we receive from other sources, and information collected automatically.
The first category, information you provide, includes information that you provide through our Website, through our products or through our client support portals, through day-to-day interaction with us, in connection with a job search, and as a visitor to our offices. The second category, information we receive from other sources, includes information from public sources, information from our employees, and information from our clients. The last category, information we collect automatically, includes information collected when you visit our Website or use our IT systems/networks.
Where required by applicable data protection law, our processing of your personal information will be justified on a lawful basis. We do not sell or rent your personal information to third parties. We share data internally among our corporate affiliates and business units in the ordinary course of our daily operations. We share personal information with our Vendors in connection with their performance of services for us, in accordance with our instructions, and subject to appropriate contractual restrictions and security and confidentiality obligations. We may be required to disclose your personal information for legal/regulatory/compliance purposes or in connection with an investigation, or if we believe it is reasonably necessary to prevent harm or loss. We may also share your personal information in connection with certain corporate events.
Ethos maintains and applies consistent physical, electronic and procedural safeguards that aim to protect personal information against loss, misuse, damage or modification and unauthorized access or disclosure. Highlights of Ethos’s information security program can be found on our Website at https://www.ethosesg.com/legal/data-security.
We send our marketing emails within the US on an opt-out basis and outside of the US, we rely on opt-in consent.
If you have legislative access or similar legal rights in your jurisdiction with respect to your personal information, and you wish to exercise any such rights as further identified in this Privacy Notice, you can submit your request to us by emailing us at firstname.lastname@example.org.
Last Updated: February 2, 2021
If your data is processed in the EU, EEA or UK, you will have the following rights under the GDPR:
Right of Access/Subject Access Request: You are entitled to request confirmation that your personal information is being processed; access to your personal information; and other supplementary information that may not be included in this Privacy Notice. Right of Rectification: You are entitled to have any inadequate, incomplete or incorrect personal information corrected.
Right to Erasure (the “right to be forgotten”): You are entitled to have your personal information erased under specific circumstances, such as where you have withdrawn your consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds, or where personal information is unlawfully processed.
Right to Restriction Processing: You have the right to restrict our processing of your personal information (that is, allow only its storage) where:
Right to Data Portability: Where we are relying (as the legal basis for processing) upon your consent, or the fact that the processing is necessary to perform a contract to which you are party or to take steps at your request prior to entering a contract, and the personal information is processed by automatic means, you have the right to receive all such personal information which you have provided to us in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
Right to Object: You have the right to object to:
Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Please note, we do not use your personal information for automated decision making, including profiling.
If you wish to exercise any of the foregoing rights, please contact us at email@example.com.
If your personal information is transferred outside the EU/EEA/UK to other Ethos group companies or to Vendors, we will take steps to ensure that your personal information receives the same level of protection as if it remained within the EU/EEA/UK, including by entering into data transfer agreements, using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes and/or other then-currently valid mechanisms for transfers. For transfers to Ethos in the US, a country that does not benefit from an adequacy decision by the European Commission, and for other transfers within the Ethos group, we have put in place European Commission approved Standard Contractual Clauses, which protect personal information transferred between Ethos entities.
If your data is processed in the EU/EEA/UK, you have a right to obtain details of the mechanism under which your personal information is transferred outside of the EU/EEA/UK by contacting us at firstname.lastname@example.org.
If your data is processed in the EU/EEA/UK, you have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your personal information infringes applicable law. A list of data protection supervisory authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Last modified: February 2, 2021
This notice provides information for certain California residents, as currently required under California privacy laws, including the California Consumer Privacy Act (“CCPA”). California privacy laws require that we provide California residents information about how we use their personal information, whether collected online or offline, and this document is intended to satisfy that requirement.
Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
Except for the right to opt-out and the right of non-discrimination, this section does not apply to California residents with whom we transact or communicate solely in the context of providing or receiving a product or service to or from a company that employs such residents or engages such residents as contractors. This section generally does not apply to personal information we collect about job applicants, independent contractors, or current or former full-time, part-time and temporary employees and staff, officers, directors or owners of Ethos.
Please find the categories of personal information about California residents that we collect and/or disclose to third parties or service providers for a business purpose. We collect these categories of personal information from the sources described in Ethos’s main Privacy Notice above and for the purposes described therein. Our collection, use and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident.
|Categories of personal information
|Do we collect?
|Do we disclose for business purposes?
|Do we sell?
|Name, contact information and related personal identifiers
|Customer records containing personal information
|Legally protected classifications, such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information
|Commercial purchase history and tendencies
|Biometric information that can be used to establish individual identity
|Internet or other electronic network activity or usage data
|Precise geographic location information about a particular individual or device
|Audio/visual or similar personal information
|Personal, non-public education information
|Profiles/inferences created from personal information
California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.
Do-Not-Sell: California residents have the right to opt-out of our sale of their personal information. We do not sell your personal information.
Notice at Collection: We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used, and this notice and the main Privacy Notice above serves this purpose.
Verifiable Requests for Right to Delete, Right to Copy and Right to Know. Subject to certain exceptions, California residents have the right to make the following requests free of charge:
Request to Delete: California residents have the right to request deletion of their personal information that we have collected about them, subject to certain exemptions, and to have such personal information deleted, except where necessary that we maintain such personal information in order to:
Request for a Copy: California residents have the right to request a copy of the specific pieces of personal information that we have collected about them in the prior 12 months, up to twice every 12 months, and to have this delivered either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance.
Request to Know: California residents have the right to request that we provide them certain information, up to twice every 12 months, about how we have handled their personal information in the prior 12 months, including the:
Submitting Requests. Requests to delete, for a copy, and/or to know may be submitted by contacting us at email@example.com. We will respond to verifiable requests received from California consumers as required by law.
Incentives and Discrimination. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California residents related to their personal information.
Discrimination: Businesses may not discriminate against residents who exercise their rights under CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices or rates or impose penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents’ data.
Disclosure of Incentives: If businesses offer financial incentives for the collection, sale or deletion of California residents’ personal information, residents have the right to be notified of any financial incentives offers and their material terms, the right not be included in such offers without prior informed opt-in consent, and the right to be able to opt-out of such offers at any time. Businesses may not offer unjust, unreasonable, coercive or usurious financial incentives. We do not offer any incentives.
Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us certain personal information are entitled to request and obtain from us information about the personal information (if any) we have shared with third parties for their own direct marketing (see Ethos' main Privacy Notice) use. Such requests may be made once per calendar year for information about any relevant third party sharing in the prior calendar year. California residents who would like to make such a request may submit a request in writing by emailing us at firstname.lastname@example.org. The request should attest to the fact that the requester is a California resident, and provide a current California address.
Last modified: February 2, 2021
This Notice provides information for residents of South Africa, in accordance with the requirements of the Protection of Personal Information Act (“POPIA”). Generally, Ethos is the “responsible party” of any personal information that you provide to us and addition to the information detailed in our Privacy Notice. POPIA requires that we provide an identifiable, natural person, and where applicable, an identifiable, existing juristic person (data subject) with certain rights.
A data subject has the right to have its personal information processed in accordance with the conditions for the lawful processing of personal information, including;
the Right to be Notified that personal information is being collected; or where personal information has been accessed or acquired by an unauthorised person
You are entitled to:
Submitting Requests. Requests to correct, delete, destroy or for a copy, and/or to object may be submitted by emailing us at email@example.com. We will respond to verifiable requests from residents of South Africa as required by law.
You may provide us with personal information when you communicate with us. You are responsible for providing us with accurate, complete and up-to-date information on a lawful basis.
Information you provide through day-to-day interaction with us: You may provide us with personal information through day-to-day interactions, including in-person or through various communications technologies, as necessary to develop or support our business relationship. Such relationships may include employees and other personnel of our clients and prospects, directors, vendors, consultants and other professional advisors. Personal Information here typically consists of business contact details but could include other information appropriate to the business relationship. For example, Vendors who are individuals may also provide payment details and professional qualifications.
Information you provide through our Website: You may provide us with personal information whenever you fill out a form on our Website, for example, to ask us a question, or request that we contact you about our products and services, research or events; to subscribe to our marketing, careers or investor relations emails; to download content; to register for events; or to submit a website form to us for any other reason (including, for example, to exercise rights under GDPR or CCPA). The information that you provide to us may include your contact details, and any other information collected on the form to allow us to fulfil the request.
Information you provide as an employee of a client, through our products or through our client support portals: When you log in to use our products or into our client support portal, you provide us with your name, email address, username and password, and we log your product use. Your login credentials may have been created by you or assigned to you either by Ethos or your firm with whom we have a direct contractual relationship.
Information you provide in connection with a job search: When you apply for a job through our careers portal, we collect your username and password, contact details and resume/CV. If you apply through a social media platform (e.g., LinkedIn), then depending on the platform you use, we will receive either the information contained in your online profile or the resume/CV that you submit. We also collect information that you provide to us at job fairs and during the interview process. Finally, we may require a background check as a condition of employment, where required or permitted by the applicable law of your jurisdiction. Background checks may include credit reports and criminal records, and references in relation to recruitment for specific roles.
Information from public sources: We collect information from the public domain about individuals who work at companies with whom we are seeking to build a business relationship, for purposes of generating leads. In some cases, and where permitted by law, we use third party services that perform these online searches for us. This information typically consists of business contact details.
As part of our recruitment process, we collect information from the public domain that individuals post on professional networking sites and job boards (e.g., LinkedIn).
Additionally, as part of the production of our ESG products, we collect and publish information from the public domain (e.g., public filings, websites, press releases, etc.), which may include information about the officers, directors and other senior managers of corporations that are the subject of our ESG ratings and reports. In the limited circumstances where we believe it to be reasonably justified in order to comply with any transparency and record keeping obligations, we rely on relevant exemptions provided under the GDPR in relation to such processing for a special purpose.
Information from our employees: in furtherance of our employment relationship with our employees, our employee benefit plans and our legal, regulatory and compliance requirements, employees may provide personal information about their spouses/domestic partners, emergency contacts, dependents and other family members. Depending on the purpose, this information may include, for example, name, contact information, age, date of birth, relationship to the employee, gender, account information and social security number or other government issued identifier. This information may pertain to dependent children under the age of 16.
Information from our clients and other third parties: We receive information from our clients and prospects about their personnel for purposes of enabling access to our products, client support portal or other communications portals, and managing our business relationship. This information typically consists of business contact details and login credentials for our products, client support portal or other communications portals.
Clients sometimes include limited personal information in submissions to us, although we do not require such information for our products. We discard or limit internal access to this information, and if used, we seek to anonymize.
We may use web beacons (also known as web bugs, pixel tags or clear GIFs) allowing us to receive interaction information about clients and prospects (opening of emails, clicking of links and associated actions).
Our emails may include links to open attachments, visit pages on our Website, download content, launch surveys or take other actions. If you are in our client or prospect contact database, or have previously interacted with us online, then metadata in these links may enable us to identify you as the person clicking the link.
Where available, we collect aggregated and individually identifiable product usage data, which includes product type, login date/time, pages and features used, client accounts viewed, reports generated and other similar product metrics.
How we use personal information we collect about you depends, in large part, on the purpose for which it is provided to us. The specific purposes for which we process such personal information include:
We do not track your online activities across the Internet. We do not use your personal information for automated decision making, including profiling. We do not sell or rent your personal information to third parties.
If you do not provide us with your personal information, or refuse to provide or withdraw consent (where applicable), we may not be able to perform some or all of the above-described actions.
Where required by applicable data protection law our processing of your personal information will be justified on a lawful basis, such as:
We process personal information on the basis of our legitimate interests, unless we are performing a contract with you (or taking steps to enter into a contract with you at your request), processing to comply with a legal obligation or relying on your consent. For example, we process personal information on the basis of our legitimate interests when operating our Website; managing our relationships with our clients, prospects and Vendors; creating leads and generating sales; managing product and client support logins; IT systems monitoring and network security; building security and safety; and managing our compliance policies/legal/regulatory obligations.
Ethos shares personal information with our Vendors (or our Vendors may collect personal information directly on our behalf), in connection with their performance of services for us. For example, our Vendors assist us in conducting and managing our business; fulfilling our obligations under our agreements; managing our Website, and the content and features available on our Website; managing, providing and improving our products, research, services and client support; providing information to you and responding to your requests. Our Vendors process personal information in accordance with our instructions and are subject to appropriate contractual restrictions and security and confidentiality obligations. Generally, the countries in which our service providers are located are the same counties in which we operate.
If you work for a client, we may provide information about your product usage to your firm with whom we have a direct contractual relationship.
If you attend our events, we may share your name in our participant list/brochure, and we may include photographs/videos taken of you at the event on our website and in our marketing materials.
We may be required to disclose your personal information to comply with any applicable legal or regulatory requirements, or where we believe that the disclosure will further an investigation of suspected or actual illegal activities; to enforce our legal rights; or if we believe it is reasonably necessary to prevent harm or loss.
We may share your personal information with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, including through mergers and acquisitions, changes of control or divestitures, or in connection with bankruptcy or insolvency, in which case personal information held by us about our users may be one of the transferred assets. Where appropriate, we will take reasonable measures to require the recipient of your personal information to treat it in accordance with this Privacy Notice. Ethos reserves the right to share any information that you provide which is not deemed personal information or is not otherwise subject to contractual restrictions.
Ethos maintains physical, technical and organizational safeguards designed to protect personal information against unauthorized disclosure or access, and accidental or unlawful destruction, loss or alteration. Highlights of Ethos’s information security program can be found on our Website at https://www.Ethos.com/legal/data-security.
While Ethos aims to safeguard and protect your personal information from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and Ethos utilizes and maintains certain reasonable processes, systems, and technologies to do so, you acknowledge that no transmission over the Internet is completely secure or error-free, and that these processes, systems, and technologies utilized and maintained by Ethos may be subject to compromise. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control.
While we generally aim to retain your personal information for the period during which we have a relationship with you, there are many reasons why we may need to retain your data for longer. For example, we may need to retain your personal information if the purpose for which we collected it extends beyond the term of our relationship. We may also retain your personal information for a term that corresponds to a statute of limitations, to establish, exercise or defend legal claims, or as otherwise permitted or required by law, so that in each case we have an accurate record of your dealings with us in the event of any complaints or challenges. We may also retain your personal information for compliance or regulatory purposes, where we are required to do so in accordance with legal, regulatory, tax and/or accounting requirements, or to support a legal or regulatory process, audits, or requests or requirements of a legal or regulatory authority or other governmental entity having authority to make the request.
The Website is not for use by children under the age of 16 years. Except as described in this Privacy Notice with respect to information that employees provide to us about their beneficiaries and dependents in connection with our employment relationship with our employees and our employee benefit plans, Ethos does not knowingly collect, store, share or use the personal information of children under 16 years. If you are under the age of 16 years, please do not provide any personal information, even if prompted by the Website to do so. If you are under the age of 16 years and you have provided personal information, please ask your parent(s) or guardian(s) to notify Ethos and Ethos will take appropriate steps to delete all such personal information.
We send our marketing emails within the US on an opt-out basis and outside of the US, we rely on opt-in consent. We offer multiple ways to manage your email subscriptions, including an online preference center, unsubscribe mechanisms, and direct client support.
You can unsubscribe from our emails and update your communication preferences and personal information as follows:
Marketing / Client Support: You can unsubscribe from our marketing emails or update your marketing preferences at any time by clicking the “unsubscribe” or “change preferences” link provided in such emails. You can also contact our client support team to update your contact information or opt out of marketing emails at any time.
The Website may contain links to third party sites. Since Ethos does not control nor is responsible for the privacy practices of those websites, we encourage you to review the privacy policies of these third party sites. This Privacy Notice applies solely to personal information collected by our Websites or in the course of our business activities.
If you have any questions in relation to this Privacy Notice or our processing of your personal information (other than in relation to a specific information or data subjects rights request), contact us at firstname.lastname@example.org.
This Privacy Notice may be changed from time to time to reflect changes in our practices concerning the collection and use of personal information. Please check back frequently to see any updates or changes to this Privacy Notice.