Privacy Policy


Ethico’s Privacy and Cookies Policy

Last Updated August 1, 2023

ComplianceLine, LLC, doing business as Ethico, (“Ethico,” “we,” “our,” or “us”) is committed to complying with all applicable data privacy laws, including protecting the security and confidentiality of any information that is personally identifiable to an individual (“Personal Data”). Ethico’s Privacy and Cookies Policy is comprised of two parts: 1) Ethico’s Privacy Policy, which sets forth how we collect, use, share, and retain (collectively, “process”) Personal Data in situations where, as a Controller, we determine how Personal Data is processed and 2) Ethico’s ECOsystem Privacy Policy, which sets forth how we process Personal Data as a Processor on behalf of our client organizations that use our products and services. Collectively, we refer to both policies as Ethico’s Privacy and Cookies Policy. Ethico’s Privacy and Cookies Policy also provides information on your data privacy rights and how to exercise them. The most current version of Ethico’s Privacy and Cookies Policy can be found on Ethico’s website at https://ethico.com/privacy-policy/.

Who We Are

Ethico is a leading provider of ethics, compliance, and HR software solutions to professionals in compliance, human resources, and risk management. We provide a suite of corporate integrity services via our ECOsystem platform, which includes compliance management and hotline & sanctions screening solutions. We also offer training and educational resources and host in-person and online events, including our Ethicsverse webinars.

We process Personal Data as a Controller in connection with our core business activities, such as marketing, sales activity, and account management. We process Personal Data as a Processor (or service provider) when we process Personal Data on behalf of and at the direction of our clients, such as providing intake for hotline calls, conducting exit interviews, or running background checks.

Ethico is headquartered at 8615 Cliff Cameron Dr Ste 290, Charlotte, North Carolina 28269 in the United States of America. Questions about our privacy practices should be addressed to privacy@ethico.com.

Ethico’s Privacy Policy

Ethico’s Privacy Policy sets forth how we collect, use, share, and retain (collectively, “process”) Personal Data in situations where, as a Controller, we determine how Personal Data is processed.

Categories of Personal Data We May Collect

Ethico may collect the following categories of Personal Data from business contacts in our industry:

  • Your name and contact details such as your phone number and email address;
  • Information related to your current or past work, such as your employer, job title, company address, and conferences, webinars, or training that you have attended;
  • Information related to your interactions with our website and webinar platforms, such as cookies, the pages you have visited, and the date and time of your visit, and comments that you leave in online webinar, training, or blogs hosted by Ethico;
  • Information related to your interactions with our products and services, such as how often you log in, the tools that you utilize, and your interactions with our personnel such as customer service; and
  • Information related to your communications and feedback to us, such as your email communications regarding your satisfaction with the product or feedback that you may provide on webinars that we provide.

Our marketing materials, content, and products and services are intended for adults working in the professional fields of compliance, human resources, and risk management. We do not knowingly collect or maintain Personal Data from or about anyone under eighteen (18) years of age.

Why We Need Your Personal Data

We process your Personal Data for the following reasons:

  • To offer prospective and current client organizations Ethico’s products and services;
  • To improve upon our products and services;
  • To offer you industry-related content and information;
  • To invite you to in-person or online events;
  • To communicate with you during the business relationship, including providing you with customer service;
  • To operate and improve our overall business operations, such as understanding market trends, developing new products, and carrying out internal administrative functions;
  • To protect parties in the event of a legal dispute; and
  • To comply with court orders and legal or regulatory processes.

We may also transfer Personal Data in the event of an actual or potential sale or transfer of our business or assets (such as a merger, acquisition, or reorganization).

We do not engage in automated decision-making with your Personal Data.

What If I Decide Not to Provide My Personal Data?

You are not obligated to provide us with your Personal Data. If you opt-out of marketing emails, you will not receive emails related to our products and services, training and educational resources, and our events, including our Ethicsverse webinars. Also, please note that if you exercise any right to delete your Personal Data, and you work for an organization that is a client of Ethico, we may not be able to provide your organization with the services for which they have contracted if you are integral to the performance of that contract.

How We Collect Personal Data

We may collect Personal Data from you in the following ways:

  • Via registration forms, such as when you provide us with your Personal Data when you sign-up for a seminar or download content on our website;
  • Via in-person interactions, such as when we scan your badge at an industry conference or you provide us with your business card;
  • Via Cookies and other data analytics, if you visit our website;
  • Where permitted, via channels such as LinkedIn, when you interact with or comment on our content;
  • From third-party sources such as conferences who may provide us with a list of names of attendees.

Our Legal Basis for Processing Your Personal Data

When we process Personal Data, including that of any residents located in the United Kingdom or the European Union, we rely upon a legal basis for such processing. The legal bases on which we rely are:

  • Where we have obtained your consent to process your Personal Data;
  • Where we have a legitimate business interest in processing your Personal Data and that interest does not interfere with any Personal Data rights that you may have (such as, for example, when the processing takes place in the context of a client relationship or for direct marketing purposes to share our products and services with professionals in the compliance, Human Resources, and risk management industry);
  • Where it is necessary for the performance of a contract; and
  • In certain instances where we determine we have a legal obligation to do so.

Who Do We Share Personal Data With?

We will never sell your Personal Data.

We may share your Personal Data with third-party service providers in order to fulfill our contractual relationships with you and/or to offer you products or services that you have requested. For example, we may provide a list of email addresses to a marketing vendor for the limited purpose of fulfilling an email campaign, or if you contact us to have an investigation outsourced, we may provide your contact information to our outsourced investigation services firm so that they may provide you with the service.

Other instances where we may disclose Personal Data are where we are required to do so under applicable laws or regulations, where we need to establish or defend our legal rights or the rights of other individuals or business partners, or where we are acting in order to prevent an illegal activity or harm.

Data Privacy Framework for Data Transfers and Data Storage

Our offices and employees are located in the United States of America (“U.S.”). Personal Data from residents in the United Kingdom (“UK”), European Economic Area (“EEA”), and other countries may be transferred to the U.S. and stored in our U.S. servers.

Ethico has certified compliance with the EU-U.S., UK Extension to the EU-U.S., and Swiss-UK Data Privacy Framework (“DPF”) developed by the U.S. Department of Commerce, the European Commission, the UK Government, and the Swiss Federal Administration to provide a reliable transfer mechanism for Personal Data transferred to the United States from the EU, UK, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. As a company certified to the DPF, we are subject to the jurisdiction of the U.S. Federal Trade Commission and other U.S. authorities authorized under the DPF.

We are committed to following DPF Principles for all Personal Data received from the EU, UK, and Switzerland. If there is any conflict between the terms in this Privacy Policy and the DPF, the DPF shall govern. To learn more about the DPF, please visit https://www.dataprivacyframework.gov/s/. To view our certification on the Data Privacy Framework List, please visit https://www.dataprivacyframework.gov/s/participant-search and search for ComplianceLine.

In adherence to DPF Principles, Ethico is responsible for Personal Data it receives from the EU, UK, and Switzerland, including any Personal Data it subsequently transfers to a third party acting as an agent on our behalf. With respect to Personal Data received or transferred pursuant to the DPF, Ethico is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission and any other regulatory authorities authorized under the DPF. In certain situations, Ethico may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the DPF Principles, we have designated an independent dispute resolution body to address complaints and provide appropriate recourse free of charge to an individual who has a complaint or inquiry that is unresolved by Ethico. If you have an unresolved complaint or inquiry related to your Personal Information that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider at https://feedback-form.truste.com/watchdog/request. In certain conditions, it is possible to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Data Retention

We will retain your Personal Data for as long as your email address is active and you do not request to have your Personal Data deleted.

Security Measures

Ethico utilizes industry accepted security measures to protect against loss, misuse, unauthorized access, disclosure, alteration, and destruction of data submitted to our systems, both during transmission and when we receive it. Access to your Information is strictly limited and we take reasonable measures to ensure that your Information is not accessible to the public. We restrict access to users’ Information to only those persons who need access to perform or provide their job or service, both internally and with our third-party service providers. We utilize industry standard access controls and detection capabilities for our internal networks in order to prevent unauthorized network access. We regularly undergo third-party audits, including an annual SOC 2 Type 2 audit. Information is encrypted with advanced TLS (Transport Layer Security) when collected and transmitted and is also encrypted at rest.

While Information Security is of paramount importance to Ethico, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and we cannot guarantee its absolute security. In compliance with the requirements of applicable data protection laws, we shall notify you via email, and any applicable regulatory agencies, if we learn of an information security breach of your Information. Please be advised that notice may be delayed in order to address the needs of law enforcement, determine the scope of network damage, and to engage in remedial measures.

Opting-Out of Marketing

When you provide us with your Personal Data, such as signing up to one of our Ethicsverse webinars, and you consent to receive marketing communications related to our products and services and events, we will use that information to send those communications to you. If you wish to opt-out of receiving communications from us, please fill out this form. You may also use the form to correct your Personal Data, request that it be deleted, or to request additional information. Please allow several days for us to process your opt-out request. Note that we may retain your name and contact information on a list for the sole purposes of ensuring we comply with your request. If you feel your opt-out request was not properly honored or you would like to request to opt-in to marketing communications after a prior request to opt-out, please email us at privacy@ethico.com.

Cookies

A cookie is a small file of letters and numbers that is downloaded onto your computer when you visit a website. Cookies are used by many websites and can do a number of things, including remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website. Ethico utilizes web logging and Cookies to gather data about visitors to our site in order to gather insights and improve our services.

We may use Google Analytics and similar tools to help analyze how users interact with our website and to display customized ads and other content to our users during a current browsing session or in the future when the user is online. These analytics are performed by using the technological means described above to monitor a user’s interactions with the website and do not involve the collection of any additional Information.

Most browsers are initially set up to accept Cookies, but users can reset their browsers to refuse all Cookies or to indicate when a Cookie is being sent or to refuse online tracking. To disable and reject certain Cookies, follow the instructions associated with your Internet browser. If you would like to clear, delete, or block your cookies, you can do so via settings on your webpage browser. Please visit the following pages to learn more about how to control Cookies: Microsoft Edge cookies information, Internet Explorer cookies information, Chrome cookies information, Firefox cookies information, Safari mobile device information, and Safari desktop information. Our website, as with most websites, does not currently recognize opt-out preference signals (and we are not required to do so under applicable laws).

Even where you reject a Cookie, you may still use the Website, but your ability to use certain features or offerings may be impaired. For example, if you return to the Website, you may have to re-enter Information you previously supplied to us. We may retain Cookie data indefinitely.

Please note that opting out of interest-based advertising does not mean you will no longer see advertising online. Rather, it means that the company or companies from which you opt-out will no longer show ads that have been tailored to your interests.

Data Privacy Rights

Certain countries, states, and territories have set forth data privacy rights for residents. In the UK and throughout the EEA, these rights are:

  • The right to withdraw consent. To the extent you provide consent to the processing of your Personal Data, including marketing communications, you can withdraw your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
  • Right of access to and rectification of your Personal Data. If you would like to request access or correct your Personal Data, you can submit a written request to privacy@ethico.com.
  • Right to erasure (or, “Right to be forgotten”). You can ask us to stop processing and delete your Personal Data in certain circumstances (for example where it was processed on the basis of your consent and you withdraw such consent or where it is no longer necessary for us to process it).
  • Right to data portability. You can request to receive your Personal Data from us in a machine-readable, commonly used format of our choosing and/or have us transfer your Personal Data directly to another controller.
  • Right to object to, or restrict, processing. Where the processing of your Personal Data is based on consent, contract, or legitimate interests, you may restrict or object, at any time, to the processing of your Personal Data, as permitted by applicable law.
  • Right to not be the subject of automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you, except as allowed under applicable data protection laws.

Many U.S. states are also enacting data privacy laws. Although these state laws are currently not applicable to Ethico, we value your privacy rights. Regardless of where you are located, we will honor your request to access, correct, or delete your Personal Information.

To make a request regarding your data rights, please contact privacy@ethico.com. In your email, please write “Data Privacy Rights” in the subject line and in the body of the email state the right you would like to exercise. We will promptly review your request, determine how we can process your request in compliance with applicable laws, and provide you with an explanation on how we are taking action on your request. Note that we may need to seek additional details from you in order to process your request and that, if you request to have your Personal Data deleted, we may retain your name and contact information on a list for the sole purposes of ensuring we comply with your request. Residents of the UK and EEA also have the right to lodge a complaint with their relevant supervisory authority if they feel their data privacy rights are not being respected.

Changes to This Privacy Policy

We may update this Policy from time to time. The most current version of the Policy will always be available on Ethico’s homepage. If we make changes to how we process your Personal Data, we will notify you via email.

Contacting Us with Questions or Concerns

If you would like to opt-out of marketing emails or exercise your data privacy rights to correct, delete, and access your Personal Data, please complete this online form. If you have questions or complaints regarding our privacy policy or practices, or would like to exercise additional data privacy rights, you may also contact us at privacy@ethico.com. If you are an EU, UK or Swiss resident and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

You may also send us mail at the following address:

Ethico
Attention: Privacy
8615 Cliff Cameron Drive, Suite 290
Charlotte, NC 28269
USA

Ethico’s ECOsystem Privacy Policy

Ethico’s ECOsystem Privacy Policy sets forth how we process Personal Data as a Processor on behalf of our client organizations that use our products and services. Each client organization who purchases our products or services acts as a Controller of any Personal Data, which means that they determine how that Personal Data is collected, used, retained, and shared (“processed”). As a Processor, we only process Personal Data at the written instructions of the Controller.

Categories of Personal Data We May Collect

The type of Personal Data we collect depends on each client organization’s selection of our products and services and how they decide to use it within their organization. It may include the following:

  • Identifiers such as first and last name, employee identification number, Social Security Number, gender, birthdate, contact information such as address, e-mail address, and telephone number;
  • Information related to employment such as job title, job position, employer, relationship with the Controller, employee identification number, and opinions related to the employment experience;
  • Information related to the facts and circumstances surrounding a violation or alleged violation of law or company policies, which may include Personal Data about the reporter and other individuals alleged to have been involved in the reported incident;
  • Other categories of personal information about an individual which a reporter voluntarily provides to Ethico while making a report or providing an interview, which could include Personal Data that is considered Sensitive Personal Data under applicable laws and regulations (such as information that relates to individuals’ racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, information concerning health, or information concerning a natural person’s sex life or sexual orientation);
  • Information found in the public records such as aliases, criminal background history, information found on sanctions lists, and information related to any restrictions or penalties imposed by a regulatory agency or licensing board;
  • Information related to an employee’s training records, such as training accessed and completion dates, and metadata that might be obtained from an employee’s interaction with training platforms; and
  • Other information which a client organization, as the Controller, decides will reside on Ethico’s platform, such as information related to annual financial disclosures, conflicts of interest, gifts and entertainment, and other Personal Data that may be gathered by organizations in the course of implementing and operating an effective compliance and ethics program or other risk-management program.

Why We Need Your Personal Data

We process Personal Data on behalf of our client organizations for the purposes of facilitating their compliance and/or ethics program, human resources program, or other risk-management program, which may include assisting clients in complying with applicable laws, rules, and regulations such as whistleblower laws, sanctions laws, and disclosures. We may also process Personal Data for business purposes, such as improving our products and services, conducting product research and development, and complying with our internal and contractual record retention requirements. Personal Data may also be processed in the event of a dispute between parties and to comply with legal processes and court orders.

We will never sell Personal Data processed on behalf of our client organizations, nor will we share that Personal Data with anyone other than the appropriate client organization, unless required to do so under applicable laws and regulations. We may transfer Personal Data in the event of an actual or potential sale or transfer of our business or assets (such as a merger, acquisition, or reorganization).

We may use Personal Data for statistical research purposes, such as determining how many complaints were made in a particular region related to a particular topic. When we run such reports, we de-identify Personal Data and do not make any attempt to later re-identify it with any individual.

What If I Decide Not to Provide My Personal Data?

We are a service provider to various organizations and we process Personal Data only at their direction. If you do not wish to have Ethico process your Personal Data, please contact your organization directly.

How We Collect Personal Data

We may collect Personal Data from you in the following ways:

  • If you call one of our telephone numbers or log onto one of our online platforms to make a report or enter information;
  • If your organization has directed us to reach out to you, for example, in the case of an exit interview;
  • If you provide it to a person within your organization, who then enters it into our platform;
  • Via Cookies and other data analytics, if you visit our website;
  • If you interact with our platform or one of our partners’ platforms directly; and
  • If your organization provides the Personal Data directly to us and requests that we process it, such as running a background check.

Our Legal Basis for Processing Your Personal Data

It is the responsibility of our client organizations, as the Controller, to ensure a legal basis for such processing. Prior to acting as Processor for any organization, we ensure that we have a written contract in place. We act in accordance with this contract and will only deviate from it if we believe that it will violate an applicable law or regulation (in which case we will notify the client organization in writing). If you have a concern about the legal basis for processing of your Personal Data, please contact the organization directly.

Who Do We Share Personal Data With?

We will never sell your Personal Data. We share your Personal Data with the organization, who is the Controller, and for whom we are acting as Processors of Personal Data. We may also share Personal Data with our service providers (Subprocessors), who are contractually obligated to keep Personal Data secure and process it only for the purpose stated in the contract. Other instances where we may disclose Personal Data are where we are required to do so under applicable laws or regulations, where we need to establish or defend our legal rights or the rights of other individuals or business partners, or where we are acting in order to prevent an illegal activity or harm.

Data Privacy Framework for Data Transfers and Data Storage

Our offices and employees are located in the United States of America (“U.S.”). Personal Data from residents in the United Kingdom (“UK”), European Economic Area (“EEA”), and other countries may be transferred to the U.S. and stored in our U.S. servers.

Ethico has certified compliance with the EU-U.S., UK Extension to the EU-U.S., and Swiss-UK Data Privacy Framework (“DPF”) developed by the U.S. Department of Commerce, the European Commission, the UK Government, and the Swiss Federal Administration to provide a reliable transfer mechanism for Personal Data transferred to the United States from the EU, UK, and Switzerland while ensuring data protection that is consistent with EU, UK, and Swiss law. As a company certified to the DPF, we are subject to the jurisdiction of the U.S. Federal Trade Commission and other U.S. authorities authorized under the DPF.

We are committed to following DPF Principles for all Personal Data received from the EU, UK, and Switzerland. If there is any conflict between the terms in this Privacy Policy and the DPF, the DPF shall govern. To learn more about the DPF, please visit https://www.dataprivacyframework.gov/s/. To view our certification on the Data Privacy Framework List, please visit https://www.dataprivacyframework.gov/s/participant-search and search for ComplianceLine.

In adherence to DPF Principles, Ethico is responsible for Personal Data it receives from the EU, UK, and Switzerland, including any Personal Data it subsequently transfers to a third party acting as an agent on our behalf. With respect to Personal Data received or transferred pursuant to the DPF, Ethico is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission and any other regulatory authorities authorized under the DPF. In certain situations, Ethico may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In compliance with the DPF Principles, we have designated an independent dispute resolution body to address complaints and provide appropriate recourse free of charge to an individual who has a complaint or inquiry that is unresolved by Ethico. If you have an unresolved complaint or inquiry related to your Personal Information that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider at https://feedback-form.truste.com/watchdog/request. In certain conditions, it is possible to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Data Retention

We will retain Personal Data for as long as we are instructed by the client organization acting as Controller. This time frame varies depending on applicable laws and regulations and the needs of each organization.

Security Measures

Ethico utilizes industry accepted security measures to protect against loss, misuse, unauthorized access, disclosure, alteration, and destruction of data submitted to our systems, both during transmission and when we receive it. Access to your Information is strictly limited and we take reasonable measures to ensure that your Information is not accessible to the public. We restrict access to users’ Information to only those persons who need access to perform or provide their job or service, both internally and with our third-party service providers. We utilize industry standard access controls and detection capabilities for our internal networks in order to prevent unauthorized network access. We regularly undergo third-party audits, including an annual SOC 2 Type 2 audit. Information is encrypted with advanced TLS (Transport Layer Security) when collected and transmitted and is also encrypted at rest.

While Information Security is of paramount importance to Ethico, no method of transmission over the Internet, or method of electronic storage, is 100% secure, and we cannot guarantee its absolute security. In compliance with the requirements of applicable data protection laws, we shall notify you via email, and any applicable regulatory agencies, if we learn of an information security breach of your Information. Please be advised that notice may be delayed in order to address the needs of law enforcement, determine the scope of network damage, and to engage in remedial measures.

Data Privacy Rights

Certain countries, states, and territories have set forth data privacy rights for residents. As a Processor, we cannot make any changes to Personal Data without the written instructions of the Controller. If you have a request to access, correct, delete, or export your Personal Data, please contact the relevant organization acting as Controller. We will promptly respond to any written requests from the Controller related to any Personal Data. Any requests directly to us will be forwarded to our client organization.

Changes to This Privacy Policy

We may update this Policy from time to time. The most current version of the Policy will always be available on Ethico’s homepage. Please also visit the website of the relevant organization acting as Controller to review their privacy policy.

Contacting Us with Questions or Concerns

If you have questions or complaints regarding our privacy policy or practices, you may also contact us at privacy@ethico.com. Please keep in mind that as a Processor, we are only permitted to process Personal Data at the written instructions of the Controller and we will forward any data privacy requests to the relevant client organization. If you have an unresolved privacy or data use concern regarding EU, UK, or Swiss resident Personal Data that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

You may also send us mail at the following address:

Ethico
Attention: Privacy
8615 Cliff Cameron Drive, Suite 290
Charlotte, NC 28269
USA