Ethisphere

Ethisphere Privacy Policy

WHAT THIS PRIVACY POLICY COVERS

We developed this Privacy Policy to be transparent about how we collect, use, and share information about you.

Ethisphere provides various services and products to help companies understand, manage, and improve their programs regarding ethics and compliance, governance, risk, culture of ethics, and other topics. We do this in many ways, including through our websites, conferences or events, webinars, online tools or software, informational white papers or reports, evaluations of company programs, measurement of employees’ perceptions of their employers’ cultures of ethics, administering our company membership community the Business Ethics Leadership Alliance (BELA), and other services and products. We refer to these services and products together as “Services” in this Privacy Policy.

When we refer to “Ethisphere”, “we”, or “us” in this Privacy Policy we mean Ethisphere, LLC. When we refer to “you” we mean you as an individual and “your employer” means the company you work for.

Unless a different privacy policy is displayed, this Privacy Policy covers the information we collect about you when you or your employer use our Services or otherwise interact with us. It also explains your rights and how the law protects you, including your choices about how we use information about you.

If our Services include links that direct you to websites or services other than ours, our Privacy Policy does not apply to any information such websites or services gather about you. Your use and any information you submit to such websites are governed by their privacy policies, not this one.

We use your personal information to provide and improve our Services. By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.

This Privacy Policy is separated into the following topics:

  1. What information we collect and how
  2. How we use your information
  3. With whom we share information about you
  4. How we store and protect information we collect
  5. Your rights and choices
  6. Sensitive personal information
  7. Cookies and other tracking technologies
  8. Our legal basis for processing your personal information
  9. Privacy policies of other websites
  10. Changes to our privacy policy
  11. How to contact us
  12. How to contact the appropriate authorities

1. What information we collect and how?

We may collect information about you (i) when you provide it to us, (ii) automatically when you use our Services, and (iii) when other sources provide it to us.

Information you provide to us

We collect information about you when you access our Services or otherwise provide it directly to us. Different ways this happens are described below.

Account and Profile Information

We collect information from you when we activate or provide access to an account or software reporting platform, we invite you to modify your account or access, and you sign-up for Services. Examples include if you are accessing a website behind a firewall that requires a specific user name and password (e.g., our BELA Resource Center) or you are completing our Ethics Quotient questionnaire or a similar questionnaire on behalf of your employer. Information we may collect from you to provide access to an account or software reporting platform includes:

  • your name
  • your job title
  • your employer’s name
  • your work email address
  • your password and username
Information You Provide Through Our Services

We may collect information from you when you use our Services. For example, when you respond to our questionnaires, discuss your employer’s programs or practices (e.g., when we interview you or when you provide responses to our Ethics Quotient questionnaire), upload information to our software platforms, speak at our conferences or events, attend a workshop, or interact with us to discuss evaluations of your employer’s programs. Information we may collect from you when you use our Services includes:

  • Your name
  • Your job title
  • Your employer’s name
  • Your work email address
  • Your work address
  • Your work phone number
  • The location (country) of your company’s headquarters
  • The name, job title, email, and work address of other company employees
  • Any other information you create, post, send, receive, or share when using our Services
Information You Provide Through Our Websites

We collect information from you when you submit it to our websites. For example, you may provide us with your information when you request a white paper, subscribe to our magazine, or sign up for a conference, event, or webcast. Information we may collect from you when you submit it through our websites includes:

  • Your name
  • Your work email address
  • Your work phone number
  • Your geographic location
  • Your job title
  • Your employer’s name
  • The location of your employer’s headquarters
  • Your mailing address for delivery of our magazine
  • Any other information you share when using our websites
Information You Provide For Customer Support

You may provide us information regarding a problem you are experiencing with our Services. When you engage with our support team, you may be asked to provide the following information:

  • Your name
  • Your work email address
  • Your work phone number
  • Summary of problem or experience you are having, including related documentation or screen shots
Payment Information

We collect payment and billing information when you use certain Services. While most of this information pertains to your employer, we may ask you to:

  • Designate a billing representative or point of contact, including name and contact information
  • Payment information, such as purchase order or payment record details
  • Payment card information (e.g., a virtual payment card)
  • Bank account and routing numbers

Information we collect automatically

We collect information about you automatically when you use our Services, including browsing our websites and attending our conferences or events. This is described in more detail below.

Your Use of the Services

We keep track of certain information about you when you visit our websites or use our other Services. This information includes the Services you use, including specific resources or features.

Software Platforms and Questionnaire Portals — When you use our BELA Resource Center, software platforms such as The Sphere, or our portals to respond to questionnaires such as our Ethics Quotient questionnaire, we may collect information regarding what web pages you visit, resources you view or download, and your progress responding to any of our questionnaires. When you use our software platform informed360, we may keep track of features you use in risk assessments, disclosures, action plans, surveys, compliance committees, document management, and any other modules. We may also collect information about how you interact with others on the informed360 Services, including with whom you collaborate and communicate, and any content provided in our “comments” and “audit trail” capabilities which allow users to communicate with each other and view activity and changes within the record.

Conferences and Events — We may collect information about your attendance and participation in any in-person or virtual Ethisphere hosted conference or event (e.g., roundtable). For example, we may keep track of sessions attended and your participation in those sessions, record and share your image or voice as a participant in the conference or event, and collect information you provide in messaging or scheduling features available in applications we use to coordinate your conference experience.

Conversations We Have with You – With your consent, we may record the content of live conversations we have with you. Examples include recording conversations you may have with our sales team about our Services, with us regarding accessing benefits of your employer’s BELA membership, and with our Data and Services Team to discuss your employer’s ethics and compliance programs.

Device and Connection Information

We may collect information about your computer, phone, tablet, or other devices used to access our Services. This device information may include: connection type and settings when you install, access, update, or use our Services; your IP address; URLs of referring/exit pages; your geo-location; your operating system; and your browser type.

Cookies and Other Tracking Technologies

We and our third-party providers, such as our software development team, survey platform providers, and cloud services providers, use cookies and other tracking technologies (e.g., web beacons, device identifiers, and pixels) to provide security and functionality, allow us to offer you additional products or Services you may be interested in, and to recognize you across different Services and devices.

Information we receive from other sources

We may receive information about you from other users of our Services, third-party providers, and our business partners.

Users of Our Services, Including Your Employer

Other users of our Services may provide information about you when they submit content to us.

Ethisphere Administered Culture Surveys — We help companies administer surveys of their employees to measure their perceptions of their companies’ cultures of ethics. In administering these surveys, your employer may provide us the following types of information:

  • Your employer’s name
  • Your name
  • Your work email address
  • Your job title
  • Your location
  • Your tenure at your employer
  • Other demographic or employment details as determined by your employer

Ethisphere Evaluations of Your Employer’s Programs — We provide numerous tools and services to help companies measure and improve their programs and practices regarding ethics and compliance, governance, risk, and other topics. The foundation of our evaluations is our understanding of a company’s programs and practices as learned through responses to our proprietary questionnaires (e.g., our Ethics Quotient and Maturity Assessment questionnaires). Your employer or the entity paying for or facilitating your company’s participation in the evaluation may provide us with your name, title, and email address so we can create credentials for you to access the platform to respond to one or more of our questionnaires. The person completing the questionnaires may provide your name, title, work phone number, and work email address to us.

For certain of our evaluations, we also conduct interviews with relevant employees and stakeholders and review documents given to us by companies to help us understand their programs (e.g., organizational charts). The person we interview may provide us with your personal information including your name, job title, email address, and any other information shared with us during the interview. If your employer provides us with documents regarding its programs, the documents may contain personal information such as your name, job title, and other personal information.

Participation in Our Business Ethics Leadership Alliance – If your employer is a member in our Business Ethics Leadership Alliance, it may provide us with your information to allow you to take advantage of such membership. This information may include your name, job title, work email address, work phone number, and mailing address.

Third-Party Integrations

We receive information about you when you or your employer’s system administrator allows us to import data from a third-party or link to a third-party. For example, if your system requires a single-sign-on (“SSO”) to create an account or log into our Services, to authenticate you we receive your name, email address, and other credentialing and demographic information permitted by your employer’s system administrator. You or your employer’s system administrator may ask us to integrate our Services with other services you or your employer use, such as to allow you to access, store, share, and edit certain information from a third-party provider through our Services. For example, in providing our informed360 Services you or your employer may authorize us to access and display records from a third-party whistleblower hotline service, learning management system, or human resources system. The information we receive depends upon the types of data transferred which is determined by your employer and not Ethisphere.

Ethisphere Partners

We work with a global network of partners. Some partners coordinate with us to create and provide our Services and others sponsor our Services, for example conferences and roundtable presentations. This includes helping us market and promote our Services, generating leads, providing parts of the Services for us to sell, generating leads for us, and reselling our Services. We may receive information from these partners, including sales leads, your billing information, your business contact information, your employer’s name, what services or products you have purchased or may be interested in, what events you have attended, and what country you are in.

Third Parties

We may receive information about you and your activities from third parties such as social media or other internet sites we use to conduct research identifying potential customers (e.g., LinkedIn), conference and event organizers, and advertising and market research companies who provide us with information about your actual or potential interest in our Services and online advertisements.

We may combine the information we gather about you, no matter how gathered, to best suit the uses described in the “How will we use your information” section below.

2. How we use your information

How we use the information we collect depends in part on what Services you or your employer take advantage of, how they are used, and any information you or your employer have authorized us to collect. Below are the specific purposes for which we may use information we collect about you.

To Identify and Authenticate You

We may use your personal information to verify your identity when you access and use our Services and to ensure the security of your personal data. This includes creation of an account that is associated with your personal data.

As Needed to Provide the Services

We may use your personal information to provide our Services. Examples of how may use information about you to provide Services include:

  • to invite you to complete a survey measuring your perceptions of your employer’s culture of ethics
  • when reviewing documentation from your employer in our evaluation of processes, procedures, or programs
  • to interact with you when discussing your employer’s processes, procedures, or programs
  • to provide you with resources you request (e.g., when you request a whitepaper or benchmarking data)
  • to provide tailored features on our informed360 software such as using your name and picture (if provided) to identify you to other users, automatically analyzing your activities and those of your team to provide search results, activity feeds, notifications, connections, and recommendations that are the most relevant to your team
  • other similar types of interactions.
To Enhance the Website or Software Experience

We may use the information you provide to enhance and customize your experience on our website or software and to deliver content and product and service offerings relevant to your interests, including targeted offers through our website, third-party sites, or email.

For Research and Development

We are continually trying to improve our Services. To do this, we use collective learnings about how people use our Services and feedback provided to us to troubleshoot and to identify trends or issues, usage, activity patterns and areas for integration and improvement. For example, we may monitor which resources or questions get the most attention from users and increase our focus to make them more robust or we may monitor how long it takes users to complete certain tasks so we can simplify burdensome processes to be clearer and more efficient.

To Communicate with You About Our Services, Including Customer Support

We may use your personal information to communicate with you about our Services. Examples of such communications include confirming use of or ordering of Services, reminding you of dates of Services (e.g., conferences or roundtables), reminding you of expiration dates of Services (e.g., subscription expirations), responding to your comments, questions or requests, providing customer support, paying invoices, billing, and sending you technical notices, updates, security alerts, and administrative messages.

To Market, Promote, and Drive Engagement with Our Services

We may use your contact information and information about how you use our Services to send promotional communications such as emails that we think may be of interest to you. Through these communications we strive to drive engagement and maximize what you get out of our Services and expose you to the products and services of our partners. This includes information about new features, survey requests, newsletters, products, and events that we think may interest you. We also communicate with you about new Services you are not yet using and promotions we or our partners may be having. We may use recordings of our conversations we have with you to better follow-up on what was discussed and to improve our marketing and sales processes. You can control whether you receive these communications as described below under “Your rights and choices”.

To Provide Your Employer With Information of Usage of Our Resources

If you access our website as part of your company’s membership in our Business Ethics Leadership Alliance or for us to provide Services to you on behalf of your employer, we may use your personal information to report your activity on our websites and utilization of our Services to your employer.

To Process Payments

We may use information about you to process payments for our Services or to pay you or your employer for services provided to us. We process payments through external services. We either collect information about you and share it with the third-party service for processing or the third-party service collects your information from you for processing.

We may use information about you where you or your employer provides us consent to do so for a specific purpose not listed above. For example, with your permission we may use your information to publish testimonials or opinions about our Services or topics relevant to our Services (e.g., ethics and compliance programs or practices).

We may use information about you and your use of our Services to verify accounts and activity, monitor suspicious or fraudulent activity, and identify violations of our policies. Where required by law or where we believe it’s necessary to protect our legal rights, our interests, or the interests of others, we may use information about you in connection with legal claims, compliance, regulatory and audit functions, and disclosures in connection with the acquisition, merger, sale, or other due diligence by a third party of all or a portion of our business.

3. With Whom We Share Information About You

We work with companies individually and facilitate a community of companies working collaboratively to understand, manage, and improve their programs regarding ethics and compliance, governance, risk, culture of ethics, and other topics. This means sharing information through Services and with certain third parties.

Except as specifically explained below, we do not sell information about you to third parties.

With Other Users of Our Services

When you use our Services, we may share certain information about you with other users of the Services. For example, if you participate in conferences, roundtables, or other events we may share information about you with other attendees. Similarly, we may share information about you with others at your employer when conducting an evaluation of your employer’s programs or processes. If you create content on any of our software (e.g., informed360), and grant permissions for others to see, share, edit copy, or download that content, some of the collaboration features will share information about you.

With Your Employer or the Company Hiring Us to Provide the Services

If you register or access the Services using an email with a domain owned by your employer, certain information about you like your name, profile, account use, and other information we gather may become accessible to your employer. If you access or use our Services on behalf of your employer (e.g., your employer’s membership in our BELA community), we may share information we collect about your use of our Services with your employer. For example, if you access our BELA Resource Center, attend our conferences or events, or use any other Services we may share your usage information with your employer. Similarly, if we are hired by a company to provide Services to your employer (e.g., a customer asking your employer as its supplier to participate in our evaluation or a private equity firm asking your employer as its portfolio company to participate in our evaluation) we may share information about you with the company hiring us to provide the Services.

On Public Facing Mediums Such as Our Websites and Social Media

With your express consent, we may share information about you on our websites, social media feeds, magazine, or other public facing media along with specific comments to publish testimonials or opinions about our Services or topics relevant to our Services (e.g., ethics and compliance programs or practices).

With Our Service Providers

We may share information about you with our service providers that help us provide our Services. For example, we work with third-party service providers to provide website and application development and maintenance, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis, marketing, and other services for us. We also work with third-party service providers to help us host our conferences and events (in person or virtually). These third-party service providers may need access to information we have about you to provide us the services. We have entered into written agreements with such providers to protect your information and ensure that they treat it consistent with this Privacy Policy.

With Partners and Sponsors

We cooperate with and rely upon partners and sponsors to help make our conferences, events, and other Services as informative as possible. For example, we may partner with experts on certain topics (e.g., mental health, diversity, or data privacy) to collaborate on Services. We may share information about you with such partners in connection with the Services we are coordinating with them so long as they are bound by confidentiality restrictions to protect information about you and ensure they treat it consistent with this Privacy Policy.

With your consent, we may share your personal information gathered when you register for or attend a conference or event with our partners or sponsors who may use the information to contact you to follow-up regarding the conference or event or their products and services. Under certain privacy regulations this is considered “selling” the information since our sponsors compensate us for the right to be a sponsor. You can withdraw such consent as described below under “Your rights and choices”.

With Affiliated Companies

We may share information we collect with affiliated companies and possibly with potential affiliates. Affiliated companies are companies that own or control us, are owned or controlled by us, own or control an affiliate, or are owned or controlled by an affiliate. The protections of this Privacy Policy apply to the information we share with affiliated and potentially affiliated companies.

With Regulators and Others Necessary to Enforce Our Rights

Although unlikely, we may share information about you with a third party if we believe that it is necessary to (i) comply with any applicable law, regulation, legal process or government request, (ii) enforce our agreements, policies, or terms of service, (iii) protect the security or integrity of our Service, (iv) protect us, our customers, or the public from harm or illegal activities, or (v) respond to an emergency which we believe requires us to disclose it.
With Perspective and Actual Partners, Purchasers, or Lenders
We may share or transfer information we collect under this Privacy Policy with any company conducting due diligence in connection with a merger, sale of our assets, financing, or sales or acquisition of all or a portion of our business. We may share or transfer information we collect under this Privacy Policy with any entity that we merge with, sell any of our assets to, acquire, or sell all or a portion of our business to.

4. How we store and protect information we collect

Information Storage and Security

We use data hosting service providers in the United States of America and the European Union and have technical support for our systems located in the United States of America and the Republic of the Philippines. We use reasonable technical measures to secure information about you. While we implement safeguards designed to protect the information we collect, no security system is fool proof. Due to the inherent nature of the internet and the world in which we live, we cannot guarantee the absolute security of the information we collect.
We recommend that you use complex and unique passwords for your Ethisphere accounts and for third-party accounts linked to them. Do not share your passwords with anyone.
If you have reason to believe your interaction with us is no longer secure, notify us immediately.

How Long We Keep Information

How long we keep information about you varies. If the information is gathered pursuant to an agreement we have with your employer (e.g., we are administering a culture survey), how long we keep it depends on the terms and conditions of that agreement. If the information we gather is not subject to an agreement with your employer, we will keep it until we determine that our purpose for collecting it is completed.

5. Your rights and choices

We would like to make sure you are fully aware of your data protection rights.

Depending upon where you are located, the EU General Data Protection Regulation 2016/679 (“GDPR”) or similar legal requirements may apply to how we gather, protect, and use your personal information. You may have the following rights, subject to some limitations:

  • The right to know – You may request information about our use of your personal information (e.g., the pieces and categories of personal information we have, the categories of sources, purposes for collection, the third parties to whom we have disclosed personal information, and personal information we have disclosed);
  • The right to review and access – You may request access and review of your personal information;
  • The right to rectify – You may request we correct, update, or modify the personal information we hold about you which you believe is inaccurate or incomplete;
  • The right to erase – You may request we delete, de-identify, anonymize, or block your personal information;
  • The right to restrict – You may request we restrict our use of your personal information;
  • The right to object – You may object to our use of, or certain types of disclosures of, your personal information;
  • The right to transfer – You may request the transfer of your personal information we hold about you to a third party;
  • The right to receive – You may request receipt of your personal information in a usable format and transmit it to a third party (also known as the right of data portability);
  • The right to lodge a complaint – You may lodge a complaint with your local data protection authority;
  • The right to object to processing – You may object to our collection and use of your personal information, under certain conditions;
  • The right to opt-out – You may opt-out of the sale of your personal information;
  • The right to initiate a private cause of action – You may bring a cause of action for data breaches; and
  • The right to withdraw consent – You may withdraw consent you have given us to gather and use your information (the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal).

If you would like to exercise any of these rights, you may email us at [email protected].

You may be given an opportunity to tell us whether you would like to receive information, special offers, and promotional materials by email from Ethisphere or our business partners when you create an account, use certain Services, or provide us with your personal information. You may withdraw your consent or opt out of receiving marketing emails from Ethisphere at any time without cost by clicking on the relevant link contained in our marketing emails or by emailing us at [email protected].

When you exercise your privacy rights, such as those conferred by the applicable data protection laws, you have a right not to receive discriminatory treatment by Ethisphere for the exercise of such privacy rights.

If we are collecting information pursuant to Services provided to your employer, we are acting on the instructions of your employer and on its behalf. In these instances, please direct any requests to access, correct, modify, or delete your information to your employer or system administrator. We will refer any requests we receive regarding such information to your employer for response.

6. Sensitive personal information

We generally don’t want to gather any sensitive information about you. This includes:

  • Your social security number
  • Your racial or ethnic origin
  • Your political opinions
  • Your religion or other beliefs
  • Your health, biometric or genetic characteristics
  • Any trade union membership
  • Any criminal background

There may be situations when we request this information, but you can decline to answer. Outside those situations we would prefer you never share that information with us.

7. Cookies and Other Tracking Technologies:

Ethisphere and our third-party partners, such as our advertising and analytics partners, use various technologies to collect information, such as cookies and web beacons.

What are cookies?

Cookies are small text files that are placed on a user’s device (such as a computer or mobile device) by a website when the user visits that site. Examples of cookies that could be used to store information include storing user preferences, activities on the website, login credentials, shopping cart contents, or browsing history.

Cookies can be either first-party or third-party. First-party cookies are created by the website that the user is visiting, while third-party cookies are created by a different website that the user may not have directly interacted with, such as an advertising network.

What types of cookies do we use and how?

There are different types of cookies; our website uses the following:

  • Required Cookies: necessary to enable the basic features of the website to function. We use some cookies that are required for the delivery of services on our website. Cookies that are required allow us to maintain and improve the safety and security of our websites, authenticate users, allow you to sign in to different portions of our website, and balance traffic on our website. Cookies that are required are not used for marketing purposes.
  • Functional Cookies: allow us to analyze your use of the website to evaluate and improve our performance. We also use functional cookies to improve our Services to you and personalize your web browsing experience, such as by gaining a better understanding of your interests and requirements regarding our website, our business, or our products/services.
  • Advertising Cookies: cookies from third-party advertising channels such as LinkedIn, Facebook/Instagram/Meta, Twitter, YouTube, Google Ads, and Native Advertising. You have the ability to disable these cookies using our website’s built-in cookie management system.
  • Uncategorized Cookies: new cookies on the website that we have not yet categorized under the previous three categories. You will be able to disable these, but disabling may affect website functionality or your user experience temporarily until the cookies are categorized.
How to manage cookies

You can set your browser, by changing its options, to not to accept cookies or to prompt you before accepting a cookie from websites you visit. If you do not accept cookies, some of our website features may not function as a result. You may also be able to disable the cookies, through a popup on our website by selecting which cookies to allow, or not allow, based on the categories above.

In some jurisdictions, like the European Union and European Economic Area, we only collect, use or share information about you when we have a valid reason. This is called “lawful basis.” Specifically, this is one of the following:

  • The consent you provide to us at the point of collection of your information
  • The performance of the contract we have with you
  • The compliance of a legal obligation to which we are subject or
  • The legitimate interests of Ethisphere or a third party. “Legitimate interest” is a technical term under international laws, including the European Union General Data Protection Regulation. It means that there are good reasons for the processing of your personal information, and that we take measures to minimize the impact on your privacy rights and interests. “Legitimate interest” also refers to our use of your data in ways you would reasonably expect and that have a minimal privacy impact.

    We have a legitimate interest in gathering and processing personal information, for example: (1) to ensure that our networks and information are secure; (2) to administer and generally conduct business within Ethisphere; (3) to prevent fraud; and (4) to conduct our marketing activities.

In addition to the above, we may get information about you from your employer. When we gather information from your employer or a third-party partner of your employer, we are acting on the instructions of your employer and on its behalf. Our actions are generally governed by a formal contract. In such a case we process the information based on instructions from your employer and coordinate with your employer to ensure we are following the applicable laws.

9. Privacy policies of other websites

The Ethisphere website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

10. Changes to our privacy policy

Ethisphere keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on October 30, 2024.

11. How to contact us

If you have any questions about Ethisphere’s privacy policy, the data we hold about you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: [email protected]
Or write to us at: 4400 N. Scottsdale Rd, Ste 9-706, Scottsdale, AZ 85251.

12. How to contact the appropriate authorities

Should you wish to report a complaint or if you feel that Ethisphere has not addressed your concern in a satisfactory manner, you may contact the applicable Information Commissioner’s Office if you are in the European Economic Area or the applicable government regulator in the region in which you are located (e.g., state attorney general’s office).