Ethico’s Privacy and Cookies Policy
Last Updated August 1, 2023
ComplianceLine, LLC, doing business as Ethico, (“Ethico,” “we,” “our,” or “us”) is committed to complying with all applicable data privacy laws, including protecting the security and confidentiality of any information that is personally identifiable to an individual (“Personal Data”). Ethico’s Privacy and Cookies Policy is comprised of two parts: 1) Ethico’s Privacy Policy, which sets forth how we collect, use, share, and retain (collectively, “process”) Personal Data in situations where, as a Controller, we determine how Personal Data is processed and 2) Ethico’s ECOsystem Privacy Policy, which sets forth how we process Personal Data as a Processor on behalf of our client organizations that use our products and services. Collectively, we refer to both policies as Ethico’s Privacy and Cookies Policy. Ethico’s Privacy and Cookies Policy also provides information on your data privacy rights and how to exercise them. The most current version of Ethico’s Privacy and Cookies Policy can be found on Ethico’s website at https://ethico.com/privacy-policy/.
Who We Are
Ethico is a leading provider of ethics, compliance, and HR software solutions to professionals in compliance, human resources, and risk management. We provide a suite of corporate integrity services via our ECOsystem platform, which includes compliance management and hotline & sanctions screening solutions. We also offer training and educational resources and host in-person and online events, including our Ethicsverse webinars.
We process Personal Data as a Controller in connection with our core business activities, such as marketing, sales activity, and account management. We process Personal Data as a Processor (or service provider) when we process Personal Data on behalf of and at the direction of our clients, such as providing intake for hotline calls, conducting exit interviews, or running background checks.
Ethico is headquartered at 8615 Cliff Cameron Dr Ste 290, Charlotte, North Carolina 28269 in the United States of America. Questions about our privacy practices should be addressed to privacy@ethico.com.
Ethico’s Privacy Policy
Ethico’s Privacy Policy sets forth how we collect, use, share, and retain (collectively, “process”) Personal Data in situations where, as a Controller, we determine how Personal Data is processed.
Categories of Personal Data We May Collect
Ethico may collect the following categories of Personal Data from business contacts in our industry:
Our marketing materials, content, and products and services are intended for adults working in the professional fields of compliance, human resources, and risk management. We do not knowingly collect or maintain Personal Data from or about anyone under eighteen (18) years of age.
Why We Need Your Personal Data
We process your Personal Data for the following reasons:
We may also transfer Personal Data in the event of an actual or potential sale or transfer of our business or assets (such as a merger, acquisition, or reorganization).
We do not engage in automated decision-making with your Personal Data.
What If I Decide Not to Provide My Personal Data?
You are not obligated to provide us with your Personal Data. If you opt-out of marketing emails, you will not receive emails related to our products and services, training and educational resources, and our events, including our Ethicsverse webinars. Also, please note that if you exercise any right to delete your Personal Data, and you work for an organization that is a client of Ethico, we may not be able to provide your organization with the services for which they have contracted if you are integral to the performance of that contract.
How We Collect Personal Data
We may collect Personal Data from you in the following ways:
Our Legal Basis for Processing Your Personal Data
When we process Personal Data, including that of any residents located in the United Kingdom or the European Union, we rely upon a legal basis for such processing. The legal bases on which we rely are:
Who Do We Share Personal Data With?
We will never sell your Personal Data.
We may share your Personal Data with third-party service providers in order to fulfill our contractual relationships with you and/or to offer you products or services that you have requested. For example, we may provide a list of email addresses to a marketing vendor for the limited purpose of fulfilling an email campaign, or if you contact us to have an investigation outsourced, we may provide your contact information to our outsourced investigation services firm so that they may provide you with the service.
We may also disclose Personal Data if we are required to do so under applicable laws or regulations, if we need to establish or defend our legal rights or the rights of other individuals or business partners, or if we are acting in order to prevent an illegal activity or harm.
Data Privacy Framework for Data Transfers and Data Storage
Our offices and employees are located in the United States of America (“U.S.”). Personal Data from residents in the United Kingdom (“UK”), European Economic Area (“EEA”), and other countries may be transferred to the U.S. and stored in our U.S. servers.
Ethico has certified compliance with the EU-U.S., UK Extension to the EU-U.S., and Swiss-UK Data Privacy Framework (“DPF”) developed by the U.S. Department of Commerce, the European Commission, the UK Government, and the Swiss Federal Administration to provide a reliable transfer mechanism for Personal Data transferred to the United States from the EU, UK, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. As a company certified to the DPF, we are subject to the jurisdiction of the U.S. Federal Trade Commission and other U.S. authorities authorized under the DPF.
We are committed to following DPF Principles for all Personal Data received from the EU, UK, and Switzerland. If there is any conflict between the terms in this Privacy Policy and the DPF, the DPF shall govern. To learn more about the DPF, please visit https://www.dataprivacyframework.gov/s/. To view our certification on the Data Privacy Framework List, please visit https://www.dataprivacyframework.gov/s/participant-search and search for ComplianceLine.
In adherence to DPF Principles, Ethico is responsible for Personal Data it receives from the EU, UK, and Switzerland, including any Personal Data it subsequently transfers to a third party acting as an agent on our behalf. With respect to Personal Data received or transferred pursuant to the DPF, Ethico is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission and any other regulatory authorities authorized under the DPF. In certain situations, Ethico may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the DPF Principles, we have designated an independent dispute resolution body to address complaints and provide appropriate recourse free of charge to an individual who has a complaint or inquiry that is unresolved by Ethico. If you have an unresolved complaint or inquiry related to your Personal Information that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider at https://feedback-form.truste.com/watchdog/request. In certain conditions, it is possible to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Data Retention
We will retain your Personal Data for as long as your email address is active and you do not request to have your Personal Data deleted.
Security Measures
Ethico utilizes industry accepted security measures to protect against loss, misuse, unauthorized access, disclosure, alteration, and destruction of data submitted to our systems, both during transmission and when we receive it. Access to your Information is strictly limited and we take reasonable measures to ensure that your Information is not accessible to the public. We restrict access to users’ Information to only those persons who need access to perform or provide their job or service, both internally and with our third-party service providers. We utilize industry standard access controls and detection capabilities for our internal networks in order to prevent unauthorized network access. We regularly undergo third-party audits, including an annual SOC 2 Type 2 audit. Information is encrypted with advanced TLS (Transport Layer Security) when collected and transmitted and is also encrypted at rest.
While Information Security is of paramount importance to Ethico, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and we cannot guarantee its absolute security. In compliance with the requirements of applicable data protection laws, we shall notify you via email, and any applicable regulatory agencies, if we learn of an information security breach of your Information. Please be advised that notice may be delayed in order to address the needs of law enforcement, determine the scope of network damage, and engage in remedial measures.
Opting-Out of Marketing
When you provide us with your Personal Data, such as signing up to one of our Ethicsverse webinars, and you consent to receive marketing communications related to our products and services and events, we will use that information to send those communications to you. If you wish to opt-out of receiving communications from us, please fill out this form. You may also use the form to correct your Personal Data, request that it be deleted, or to request additional information. Please allow several days for us to process your opt-out request. Note that we may retain your name and contact information on a list for the sole purposes of ensuring we comply with your request. If you feel your opt-out request was not properly honored or you would like to request to opt-in to marketing communications after a prior request to opt-out, please email us at privacy@ethico.com.
Cookies
A cookie is a small file of letters and numbers that is downloaded onto your computer when you visit a website. Cookies are used by many websites and can do a number of things, including remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website. Ethico utilizes web logging and Cookies to gather data about visitors to our site in order to gather insights and improve our services.
We may use Google Analytics and similar tools to help analyze how users interact with our website and to display customized ads and other content to our users during a current browsing session or in the future when the user is online. These analytics are performed by using the technological means described above to monitor a user’s interactions with the website and do not involve the collection of any additional Information.
Most browsers are initially set up to accept Cookies, but users can reset their browsers to refuse all Cookies or to indicate when a Cookie is being sent or to refuse online tracking. To disable and reject certain Cookies, follow the instructions associated with your Internet browser. If you would like to clear, delete, or block your cookies, you can do so via settings on your webpage browser. Please visit the following pages to learn more about how to control Cookies: Microsoft Edge cookies information, Internet Explorer cookies information, Chrome cookies information, Firefox cookies information, Safari mobile device information, and Safari desktop information. Our website, as with most websites, does not currently recognize opt-out preference signals (and we are not required to do so under applicable laws).
Even where you reject a Cookie, you may still use the Website, but your ability to use certain features or offerings may be impaired. For example, if you return to the Website, you may have to re-enter Information you previously supplied to us. We may retain Cookie data indefinitely.
Please note that opting out of interest-based advertising does not mean you will no longer see advertising online. Rather, it means that the company or companies from which you opt-out will no longer show ads that have been tailored to your interests.
Data Privacy Rights
Certain countries, states, and territories have set forth data privacy rights for residents. In the UK and throughout the EEA, these rights are:
Many U.S. states are also enacting data privacy laws. Although these state laws are currently not applicable to Ethico, we value your privacy rights. Regardless of where you are located, we will honor your request to access, correct, or delete your Personal Information.
To make a request regarding your data rights, please contact privacy@ethico.com. In your email, please write “Data Privacy Rights” in the subject line and in the body of the email state the right you would like to exercise. We will promptly review your request, determine how we can process your request in compliance with applicable laws, and provide you with an explanation on how we are taking action on your request. Note that we may need to seek additional details from you in order to process your request and that, if you request to have your Personal Data deleted, we may retain your name and contact information on a list for the sole purposes of ensuring we comply with your request. Residents of the UK and EEA also have the right to lodge a complaint with their relevant supervisory authority if they feel their data privacy rights are not being respected.
Changes to This Privacy Policy
We may update this Policy from time to time. The most current version of the Policy will always be available on Ethico’s homepage. If we make changes to how we process your Personal Data, we will notify you via email.
Contacting Us with Questions or Concerns
If you would like to opt-out of marketing emails or exercise your data privacy rights to correct, delete, and access your Personal Data, please complete this online form. If you have questions or complaints regarding our privacy policy or practices, or would like to exercise additional data privacy rights, you may also contact us at privacy@ethico.com. If you are an EU, UK or Swiss resident and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
You may also send us mail at the following address:
Ethico
Attention: Privacy
8615 Cliff Cameron Drive, Suite 290
Charlotte, NC 28269
USA
Ethico’s ECOsystem Privacy Policy
Ethico’s ECOsystem Privacy Policy sets forth how we process Personal Data as a Processor on behalf of our client organizations that use our products and services. Each client organization who purchases our products or services acts as a Controller of any Personal Data, which means that they determine how that Personal Data is collected, used, retained, and shared (“processed”). As a Processor, we only process Personal Data at the written instructions of the Controller.
Categories of Personal Data We May Collect
The type of Personal Data we collect depends on each client organization’s selection of our products and services and how they decide to use it within their organization. It may include the following:
Why We Need Your Personal Data
We process Personal Data on behalf of our client organizations for the purposes of facilitating their compliance and/or ethics program, human resources program, or other risk-management program, which may include assisting clients in complying with applicable laws, rules, and regulations such as whistleblower laws, sanctions laws, and disclosures. We may also process Personal Data for business purposes, such as improving our products and services, conducting product research and development, and complying with our internal and contractual record retention requirements. Personal Data may also be processed in the event of a dispute between parties and to comply with legal processes and court orders.
We will never sell Personal Data processed on behalf of our client organizations, nor will we share that Personal Data with anyone other than the appropriate client organization, unless required to do so under applicable laws and regulations. We may transfer Personal Data in the event of an actual or potential sale or transfer of our business or assets (such as a merger, acquisition, or reorganization).
We may use Personal Data for statistical research purposes, such as determining how many complaints were made in a particular region related to a particular topic. When we run such reports, we de-identify Personal Data and do not make any attempt to later re-identify it with any individual.
What If I Decide Not to Provide My Personal Data?
We are a service provider to various organizations and we process Personal Data only at their direction. If you do not wish to have Ethico process your Personal Data, please contact your organization directly.
How We Collect Personal Data
We may collect Personal Data from you in the following ways:
Our Legal Basis for Processing Your Personal Data
It is the responsibility of our client organizations, as the Controller, to ensure a legal basis for such processing. Prior to acting as Processor for any organization, we ensure that we have a written contract in place. We act in accordance with this contract and will only deviate from it if we believe that it will violate an applicable law or regulation (in which case we will notify the client organization in writing). If you have a concern about the legal basis for processing of your Personal Data, please contact the organization directly.
Who Do We Share Personal Data With?
We will never sell your Personal Data. We share your Personal Data with the organization, who is the Controller, and for whom we are acting as Processors of Personal Data. We may also share Personal Data with our service providers (Subprocessors), who are contractually obligated to keep Personal Data secure and process it only for the purpose stated in the contract. We may also disclose Personal Data if we are required to do so under applicable laws or regulations, if we need to establish or defend our legal rights or the rights of other individuals or business partners, or if we are acting in order to prevent an illegal activity or harm.
Data Privacy Framework for Data Transfers and Data Storage
Our offices and employees are located in the United States of America (“U.S.”). Personal Data from residents in the United Kingdom (“UK”), European Economic Area (“EEA”), and other countries may be transferred to the U.S. and stored in our U.S. servers.
Ethico has certified compliance with the EU-U.S., UK Extension to the EU-U.S., and Swiss-UK Data Privacy Framework (“DPF”) developed by the U.S. Department of Commerce, the European Commission, the UK Government, and the Swiss Federal Administration to provide a reliable transfer mechanism for Personal Data transferred to the United States from the EU, UK, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. As a company certified to the DPF, we are subject to the jurisdiction of the U.S. Federal Trade Commission and other U.S. authorities authorized under the DPF.
We are committed to following DPF Principles for all Personal Data received from the EU, UK, and Switzerland. If there is any conflict between the terms in this Privacy Policy and the DPF, the DPF shall govern. To learn more about the DPF, please visit https://www.dataprivacyframework.gov/s/. To view our certification on the Data Privacy Framework List, please visit https://www.dataprivacyframework.gov/s/participant-search and search for ComplianceLine.
In adherence to DPF Principles, Ethico is responsible for Personal Data it receives from the EU, UK, and Switzerland, including any Personal Data it subsequently transfers to a third party acting as an agent on our behalf. With respect to Personal Data received or transferred pursuant to the DPF, Ethico is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission and any other regulatory authorities authorized under the DPF. In certain situations, Ethico may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the DPF Principles, we have designated an independent dispute resolution body to address complaints and provide appropriate recourse free of charge to an individual who has a complaint or inquiry that is unresolved by Ethico. If you have an unresolved complaint or inquiry related to your Personal Information that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider at https://feedback-form.truste.com/watchdog/request. In certain conditions, it is possible to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Data Retention
We will retain Personal Data for as long as we are instructed by the client organization acting as Controller. This time frame varies depending on applicable laws and regulations and the needs of each organization.
Security Measures
Ethico utilizes industry accepted security measures to protect against loss, misuse, unauthorized access, disclosure, alteration, and destruction of data submitted to our systems, both during transmission and when we receive it. Access to your Information is strictly limited and we take reasonable measures to ensure that your Information is not accessible to the public. We restrict access to users’ Information to only those persons who need access to perform or provide their job or service, both internally and with our third-party service providers. We utilize industry standard access controls and detection capabilities for our internal networks in order to prevent unauthorized network access. We regularly undergo third-party audits, including an annual SOC 2 Type 2 audit. Information is encrypted with advanced TLS (Transport Layer Security) when collected and transmitted and is also encrypted at rest.
While Information Security is of paramount importance to Ethico, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and we cannot guarantee its absolute security. In compliance with the requirements of applicable data protection laws, we shall notify you via email, and any applicable regulatory agencies, if we learn of an information security breach of your Information. Please be advised that notice may be delayed in order to address the needs of law enforcement, determine the scope of network damage, and engage in remedial measures.
Data Privacy Rights
Certain countries, states, and territories have set forth data privacy rights for residents. As a Processor, we cannot make any changes to Personal Data without the written instructions of the Controller. If you have a request to access, correct, delete, or export your Personal Data, please contact the relevant organization acting as Controller. We will promptly respond to any written requests from the Controller related to any Personal Data. Any requests directly to us will be forwarded to our client organization.
Changes to This Privacy Policy
We may update this Policy from time to time. The most current version of the Policy will always be available on Ethico’s homepage. Please also visit the website of the relevant organization acting as Controller to review their privacy policy.
Contacting Us with Questions or Concerns
If you have questions or complaints regarding our privacy policy or practices, you may also contact us at privacy@ethico.com. Please keep in mind that as a Processor, we are only permitted to process Personal Data at the written instructions of the Controller and we will forward any data privacy requests to the relevant client organization. If you have an unresolved privacy or data use concern regarding EU, UK, or Swiss resident Personal Data that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
You may also send us mail at the following address:
Ethico
Attention: Privacy
8615 Cliff Cameron Drive, Suite 290
Charlotte, NC 28269
USA