Privacy Policy

Last updated October 16, 2025

For California residents, you may see the Notice at Collection here.

ComplianceLine, LLC, doing business as Ethico, (“Ethico,” “we,” “our,” or “us”) is committed to complying with all applicable data privacy laws, including protecting the security and confidentiality of any information that is personally identifiable to an individual (“Personal Data”). This is Ethico’s Privacy Policy, which sets forth how we collect, use, share, and retain (collectively, “process”) Personal Data in situations where we, as a Controller, determine how Personal Data is processed. Ethico’s Privacy and Cookies Policy also provides information on your data privacy rights and how to exercise them. The most current version of Ethico’s Privacy Policy can be found on Ethico’s website at https://ethico.com/privacy-policy/. If you would like to learn how we process Personal Data as a Processor, please visit Ethico’s website at https://ethico.com/processor/.

Who We Are

Ethico is a leading provider of software solutions to professionals in compliance, human resources, and risk management. We provide a suite of corporate integrity services via our ECOsystem platform, which includes compliance management and hotline & sanctions screening solutions. We also offer training and educational resources and host in-person and online events, including our Ethicsverse webinars.

We process Personal Data as a Controller in connection with our core business activities, such as marketing, sales activity, and account management. We do not use text messaging for marketing purposes, but we provide marketing communication via email and phone calls. This Privacy Policy sets forth how we process Personal Data in situations where we, as a Controller, determine how Personal Data is processed.

Ethico is headquartered at 8615 Cliff Cameron Dr Ste 290, Charlotte, North Carolina 28269 in the United States of America. Questions about our privacy practices may be addressed to privacy@ethico.com.

Categories of Personal Data We May Collect

Ethico may collect the collecting categories of Personal Data:

  • Your name and contact details such as your phone number and email address;
  • Information related to your current or past work, such as your employer, job title, company address, and conferences, webinars, or training that you have attended;
  • Information related to your interactions with our website and webinar platforms, such as cookies, the pages you have visited, and the date and time of your visit, and comments that you leave in online webinar, training, or blogs hosted by Ethico;
  • Information related to your interactions with our products and services, such as how often you log in, the tools that you utilize, and your interactions with our personnel such as customer service; and
  • Information related to your communications with us, such as your video calls and email communications related to product demos, attendance at webinars or training sessions hosted by Ethico, or your feedback on our products or services.

Our marketing materials, content, and products and services are intended for adults working in the professional fields of compliance, human resources, and risk management. We do not knowingly collect or maintain Personal Data from or about anyone under eighteen (18) years of age.

Why We Need Your Personal Data

We process your Personal Data for the following reasons:

  • To offer you and provide you with Ethico’s products and services;
  • To improve upon our products and services;
  • To offer you industry-related content and information, including in-person and online events;
  • To communicate with you during the business relationship, including providing you with customer service;
  • To operate and improve our overall business operations, such as understanding market trends, developing new products and services, and carrying out internal administrative functions;
  • To protect parties in the event of a legal dispute; and
  • To comply with court orders and legal or regulatory processes.

We may also transfer Personal Data in the event of an actual or potential sale or transfer of our business or assets (such as a merger, acquisition, or reorganization).

We do not engage in automated decision-making with your Personal Data.

What If I Decide Not to Provide My Personal Data?

You are not obligated to provide us with your Personal Data. If you opt-out of marketing emails, you will not receive emails related to our products and services, training and educational When you provide us with your Personal Data, such as signing up to one of our Ethicsverse webinars, and you consent to receive marketing communications and resources, and our events, including our Ethicsverse webinars. (Note that you must affirmatively reach out to privacy@ethico.com asking to opt back into these emails.) Also, please note that if you exercise any right to delete your Personal Data, and you currently work for an organization that is a client of Ethico, we may not be able to provide your organization with the services for which they have contracted if your role is integral to the performance of that contract.

How We Collect Personal Data

We may collect Personal Data from you in the following ways:

  • Via registration forms, such as when you provide us with your Personal Data when you sign-up for a seminar or download content on our website;
  • Via in-person interactions, such as when we we scan your badge at an industry conference or you provide us with your business card;
  • Via online interactions such as the chat room for Ethico’s Ethicsverse webinars;
  • Via Google Meet calls with prospective and current clients, which we record for quality assurance (and which you have the option to opt-out of at the start of the call);
  • Via Cookies and other data analytics, if you visit our website;
  • Where permitted, via social media channels such as LinkedIn, when you interact with or comment on our content or engage with our personnel; and
  • From third-party sources such as conferences who may provide us with a list of names of attendees.

Our Legal Basis for Processing Your Personal Data

When we process Personal Data, including the data of any residents located in the United Kingdom, the European Union, or Switzerland, we rely upon a legal basis for such processing. The legal bases upon which we rely are:

  • Where we have obtained your consent to process your Personal Data;
  • Where we have a legitimate business interest in processing your Personal Data and that interest does not interfere with any Personal Data rights that you may have (such as, for example, when the processing takes place in the context of a client relationship or for direct marketing purposes to share our products and services with professionals in the compliance, Human Resources, and risk management industry);
  • Where it is necessary for the performance of a contract; or
  • In certain instances where we determine we have a legal obligation to do so.

Who Do We Share Personal Data With?

We will never sell your Personal Data or “share” it as defined under the California Consumer Protection Act/California Privacy Rights Act (“CCPA/CCRA”). (Please note that we are not subject to the CCPA/CPRA because we do not meet the threshold requirements.)

We may share your Personal Data with third-party service providers in order to fulfill our contractual relationships with you and/or to offer you products or services that you have requested. For example, we may provide a list of email addresses to a marketing vendor for the limited purpose of fulfilling an email campaign, or if you contact us to have an investigation outsourced, we may provide your contact information to our outsourced investigation services firm so that they may provide you with the service.

Other instances where we may disclose Personal Data is if we are required to do so under applicable laws or regulations, we need to establish or defend our legal rights or the rights of other individuals or business partners, or instances where we are acting in order to prevent an illegal activity or harm.

Data Privacy Framework for Data Transfers and Data Storage

Our offices and employees are located in the United States of America (“U.S.”). Personal Data from residents in the United Kingdom (“UK”), European Economic Area (“EEA”), and Switzerland and other countries may be transferred to the U.S. and stored in our U.S. servers.

Ethico has certified compliance with the EU-U.S. Data Privacy Framework (“DPF”), the UK Extension to the EU-U.S. DPF, and Swiss-UK DPF. The DPF was developed by the U.S. Department of Commerce, the European Commission, the UK Government, and the Swiss Federal Administration to provide a reliable transfer mechanism for Personal Data transferred to the U.S. from the EU, UK, and Switzerland, while ensuring data protection that is consistent with EU, UK, and Swiss law.

We are committed to following DPF Principles for all Personal Data received from the EU, UK, and Switzerland. If there is any conflict between the terms in this Privacy Policy and the DPF, the DPF shall govern. To learn more about the DPF, please visit https://www.dataprivacyframework.gov/s/. To view our certification on the Data Privacy Framework List, please visit https://www.dataprivacyframework.gov/s/participant-search and search for ComplianceLine.

In adherence to DPF Principles, Ethico is responsible for Personal Data it receives from the EU, UK, and Switzerland, including any Personal Data it subsequently transfers to a third party acting as an agent on our behalf. With respect to Personal Data received or transferred pursuant to the DPF, Ethico is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission and any other regulatory authorities authorized under the DPF. In certain situations, Ethico may be required to disclose Personal Data response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the DPF Principles, we have designated an independent dispute resolution body to address complaints and provide appropriate recourse free of charge to an individual who has a complaint or inquiry that is unresolved by Ethico. If you have an unresolved complaint or inquiry related to your Personal Data that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider, JAMS, at https://www.jamsadr.com/DPF-Dispute-Resolution. This service is at no cost to you. In certain conditions, it is possible to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Data Retention

We will retain your Personal Data for as long as your organization is a client and/or email address is active and you do not request to have your Personal Data deleted.

Security Measures

Ethico utilizes industry accepted security measures to protect against loss, misuse, unauthorized access, disclosure, alteration, and destruction of data submitted to our systems, both during transmission and when we receive it. Access to your Information is strictly limited and we take reasonable measures to ensure that your Information is not accessible to the public. We restrict access to Personal Data to only those persons who need access to perform or provide their job or service, both internally and with our third-party service providers. We utilize industry standard access controls and detection capabilities for our internal networks in order to prevent unauthorized network access. We regularly undergo third-party audits, including an annual SOC 2 Type 2 audit. Information is encrypted with advanced TLS (Transport Layer Security) when collected and transmitted and is also encrypted at rest.

While Information Security is of paramount importance to Ethico, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and we cannot guarantee its absolute security. As required under applicable data protection laws, we shall notify you via email, and any applicable regulatory agencies, if we learn of an information security breach of your Information. Please be advised that notice may be delayed in order to address the needs of law enforcement, determine the scope of network damage, and to engage in remedial measures.

Opting-Out of Marketing

When you provide us with your Personal Data, such as signing up to one of our Ethicsverse webinars, and you consent to receive marketing communications related to our products and services and events, we will use that information to send those communications to you (via emails and calls). If you wish to opt-out of receiving communications from us, contact us at privacy@ethico.com. Please allow several days for us to process your opt-out request. Note that we may retain your name and contact information on a list for the sole purposes of ensuring we comply with your request. If you feel your opt-out request was not properly honored or you would like to request to opt-in to marketing communications after a prior request to opt-out, please contact us again at privacy@ethico.com.

Cookies

A cookie is a small file of letters and numbers that is downloaded onto your computer when you visit a website. Cookies are used by many websites and can do a number of things, including remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website. Ethico utilizes web logging and Cookies to gather data about visitors to our site in order to gather insights and improve our services.

We may use Google Analytics and similar tools to help analyze how users interact with our website and to display customized ads and other content to our users during a current browsing session or in the future when the user is online. These analytics are performed by using the technological means described above to monitor a user’s interactions with the website and do not involve the collection of any additional Information.

Most browsers are initially set up to accept Cookies, but users can reset their browsers to refuse all Cookies or to indicate when a Cookie is being sent or to refuse online tracking. To disable and reject certain Cookies, follow the instructions associated with your Internet browser. If you would like to clear, delete, or block your cookies, you can do so via settings on your webpage browser.

Even where you reject a Cookie, you may still use the Website, but your ability to use certain features or offerings may be impaired. For example, if you return to the Website, you may have to re-enter Information you previously supplied to us. We may retain Cookie data indefinitely.

Data Privacy Rights

Certain countries, states, and territories have set forth data privacy rights for residents.

In the UK, EEA and Switzerland, these rights are:

  • The right to withdraw consent. To the extent you provide consent to the processing of your Personal Data, including marketing communications, you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
  • Right of access to and rectification of your Personal Data. If you would like to request access or correct your Personal Data, you can submit a written request to privacy@ethico.com.
  • Right to erasure (or, “Right to be forgotten”). You can ask us to stop processing and delete your Personal Data in certain circumstances (for example where it was processed on the basis of your consent and you withdraw such consent or where it is no longer necessary for us to process it).
  • Right to data portability. You can request to receive your Personal Data from us in a machine-readable, commonly used format of our choosing and/or have us transfer your Personal Data directly to another controller.
  • Right to object to, or restrict, processing. Where the processing of your Personal Data is based on consent, contract, or legitimate interests, you may restrict or object, at any time, to the processing of your Personal Data, as permitted by applicable law. Note that you will never need to opt-out of the sale of your Personal Data because Ethico does not sell your Personal Data.
  • Right to not be the subject of automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you, except as allowed under applicable data protection laws.

Many U.S. states are also enacting data privacy laws. Even where these state laws are not currently applicable to Ethico (for example, the CCPA/CPRA), we value your privacy rights. Regardless of where you are located, we will honor your request to access, correct, or delete your Personal Data.

To make a request regarding your data rights, please contact privacy@ethico.com. In your email, please write “Data Privacy Rights” in the subject line and in the body of the email state the right you would like to exercise. We will promptly review your request, determine how we can process your request in compliance with applicable laws, and provide you with an explanation on how we are taking action on your request. Note that we may need to seek additional details from you in order to process your request and that, if you request to have your Personal Data deleted, we may retain your name and contact information on a list for the purpose of ensuring we comply with your request. Residents of the UK, EEA, and Switzerland also have the right to lodge a complaint with their relevant supervisory authority if they feel their data privacy rights are not being respected.

Changes to This Privacy Policy

We may update this Policy from time to time. The most current version of the Policy will always be available via a link on Ethico’s homepage. If we make significant changes to how we process your Personal Data, we will notify you via email.

Contacting Us with Questions or Concerns

If you have questions or complaints regarding our privacy policy or practices, or would like to exercise your data privacy rights, contact us at privacy@ethico.com“If you have an unresolved complaint or inquiry related to your Personal Data that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider, JAMS, at https://www.jamsadr.com/DPF-Dispute-Resolution

You may also send us mail at the following address:

Ethico
Attention: Privacy
8615 Cliff Cameron Drive, Suite 290
Charlotte, NC 28269
USA