Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, you should not use our Site and/or Services (defined below).
When we use the term, “Personal Data,” we mean information or data that directly or indirectly identifies, describes, relates to or is reasonably capable of being associated with or can reasonably link to a particular individual, consumer or household.
When we use the term, “Client(s),” we mean those individuals or organizations that purchase our Services, are members of our platform, and/or are stakeholders or partners in our projects.
When we use the term “Service(s)” we mean to refer collectively to:
The provision of online services to provide funding for environmentally and socially sustainable projects;
The provision of standards for environmentally and socially sustainable developments to provide sustainability certification, and related services to those Clients who purchase such tools and services;
The information provided through the Site(s); and
Our marketing and business development activities, including any social media properties we create, and newsletters and emails that we send (“Marketing Activities”).
HOW WE COLLECT YOUR PERSONAL DATA
TYPES OF PERSONAL DATA WE COLLECT
HOW AND WHY WE USE YOUR INFORMATION
HOW WE SHARE AND DISCLOSE PERSONAL DATA
RETENTION OF PERSONAL DATA
YOUR PERSONAL DATA CHOICES
WITHDRAWAL OF YOUR CONSENT
RESPONSE TIMING AND FORMAT
YOUR CALIFORNIA PRIVACY RIGHTS
RESIDENTS OF THE EUROPEAN ECONOMIC AREA, THE UNITED KINGDOM AND SWITZERLAND
LINKS TO OTHER SITES
HOW TO CONTACT US
1. HOW WE COLLECT YOUR PERSONAL DATA
We may collect your Personal Data through different means, when you:
visit our Site, through automated data tracking technology;
decide to interact with us, either by providing us your information through the account page, login page or “contact us” page on a Site; when you make a donation; by email; regular mail; or telephone;
become a Client, complete a survey, sign up to our platform or Site, or set up an account and provide us with information directly;
authorize third parties to provide us Personal Data.
2. TYPES OF PERSONAL DATA WE COLLECT
We may collect the following types of Personal Data:
Types of Information You May Provide to Us:
Name, alias, physical address, email address, postal address, telephone numbers, communication preferences, unique personal or online identifier, account name, employer, job title;
Payment or bank transfer information when you purchase Services;
Information that you authorize third parties to release to us;
Persistent or probabilistic identifiers that organizations use to identify a particular consumer; and
Records of your correspondence with us, chats though the Sites, including support correspondence.
Types of Information We Collect Through Technology: When you use our Site, we use technology, including Google Analytics, to gather information on how visitors are using the Site and Services. Specifically, we may gather information about the following:
Operating system and platform
Account access date/time stamp
Cookie data previously stored on your device
An IP address is a number automatically assigned to your computer whenever you access the Internet. IP addresses allow computers (including mobile devices and tablets) and servers to recognize and communicate with one another. We collect IP address information so that we can properly manage our system and gather information about how our site is being used. This includes the device type and browser you are using, location data, the pages you are viewing and your interactions on the page. Your IP address may be associated with records containing Personal Data. We collect details of visits to our Site, including the volume of traffic received, logs and the resources that you have accessed. We may also collect certain location information such as your mobile device’s GPS signal, or information about nearby WiFi access points and cell towers. (Please also see our “Cookies Notice“.)
Types of Information We Collect From Third Parties: We may collect information from third parties to help us provide Services, for example, information to verify programs and practices for certification, which when combined with other data, may constitute Personal Data.
3. HOW AND WHY WE USE YOUR INFORMATION
We only collect the information reasonably necessary to respond to inquiries about our Services, to provide you the Services, to carry out our operations, as required by law, and for other legitimate business purposes, under applicable laws. Because the principal purpose of the collection your personal data is to offer you a safe, optimum, efficient and personalized experience, you agree and accept that we may use your personal data to for the legitimate business purposes listed below:
To inform you about the Services in which you have indicated an interest or to which you’ve subscribed; Respond to your questions and requests and improve customer service; To provide you with notices about your account and/or subscription, including expiration and renewal notices;
To assist in business development and general marketing and building relationships; to create a list of actual and prospective users and Clients; to compile statistics regarding how the Site is used in order to improve our products and Services;
To record your name and contact information, and other Personal Data for legitimate business purposes, so that we can provide our Services;
To authorize and manage access to the Site;
To perform our contract with you if you become a Client; satisfy contractual necessity to conduct our operations and provide you with the services we offer; to perform essential business operations and to manage your account; to contact you with information that may be of interest to you;
To improve the Site to provide you with better services, for example, we may use your Personal Data to improve the layout of our Site based on the click path you utilized to access certain information within the Site; and
To comply with legal obligations and professional responsibilities;
To verify your identity or conduct internal audits or reviews; and
To detect or prevent security incidents or other illegal activity; debug; verify or maintain quality or safety or improve or upgrade a service or device owned or controlled by us.
We do not monitor or profile visitors to our Site or collect, in any automated manner, any special categories of sensitive Personal Data about you. No automated decision-making, including profiling, is used when processing your Personal Data.
Additional Uses of Personal Data:
In addition to the uses described above, we may use your Personal Data for the following purposes if you become a Client or authorized user. Some of these uses may, under certain circumstances be based on your consent, may be necessary to fulfill our contractual commitments to you, or are necessary to serve our legitimate interests in the following business operations:
Providing you with newsletters, articles, alerts and announcements, and other information that we believe may be of interest to you;
Providing you with marketing information about our services and;
Conducting research, surveys, and similar inquiries to help us understand Client or authorized user needs;
Analyzing your interactions with us and our Site, and improving our products, services, programs, and other offerings;
Preventing, investigating, or providing notice of fraud, unlawful or criminal activity, or unauthorized access to or use of Personal Data, our Site or data systems; or to meet legal obligations; and
4. HOW WE SHARE AND DISCLOSE PERSONAL DATA
We may disclose aggregated information that does not identify any individual (and therefore, is not deemed to be Personal Data) without restriction. We share Personal Data with the following categories of recipients:
A list of third-party vendors and sub-processors is provided below:
Heroku (application hosting services) — USA
Google Drive/Docs (documentation and collaboration) — USA
QuickBooks (finance) — USA
MailGun (email service) — USA
SendGrid (email service) — USA
Rollbar (application error-handling) — USA
PaperTrail (application logging) — USA
Zoho (helpdesk services and CRM) — India
Google Analytics (site performance and usage) — USA
Affiliates: We may share your information with our parent company, The Gold Standard Foundation. Business Transfers: When applicable, we may share your information in connection with a substantial corporate transaction, such as a merger, consolidation, asset sale, or in the unlikely event of bankruptcy. With Your Consent or at Your Direction: We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction. Other Legal Reasons: In addition, we may use or disclose your Personal Data as we deem necessary or appropriate: (1) under applicable law; (2) to respond to requests from public and government authorities including public and government authorities; (3) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of SustainCERT, our affiliates, you and others; and (7) to enforce our Terms and Conditions.
SustainCERT keeps Personal Data on file, but does not sell your information to third parties unless required to do so by legal, judicial or governmental proceedings, or to provide the Services requested.
5. DATA SECURITY
We use reasonable organizational, technical and administrative measures to maintain the privacy and security of your Personal Data within our organization. Accordingly, we prevent unauthorized access by a secure firewall and use of security technologies to protect the integrity and privacy of any Personal Data you provide. Although we work hard to protect your Personal Data, we cannot guarantee the security of any information you transmit to us through online forms and applications, and you do so at your own risk. The Site is not designed to store sensitive Personal Data and you should not use the Site for that purpose. Please note that email is considered a nonencrypted (and therefore nonsecure) form of communication, and it can be accessed and viewed by others without your knowledge and permission. For that reason, to protect your privacy, please do not use email to communicate information that you consider confidential. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
We are not responsible for any outcome if you circumvent any privacy settings or security measures. You are responsible for choosing a password of appropriate strength, not sharing or reusing passwords used on other websites, and keeping your password confidential. Our employees will never ask for your password.
6. RETENTION OF PERSONAL DATA
7. CAPACITY / CHILDREN
This Site is only intended for individuals who are at least 18 years of age. We are committed to complying with the Children’s Online Privacy Protection Act (COPPA). Our Service is not directed to children under the age of 13 and children under the age of 13 are not to use the Site or provide any information to our Service without express parental consent. We do not knowingly collect Personal Data from children under the age of 13. If we receive Personal Data that we discover was provided by a child under the age of 13, we will promptly destroy such information.
California residents under 16 years of age may have additional rights regarding the collection and sale of their Personal Data. Please see YOUR CALIFORNIA PRIVACY RIGHTS for more information.
8. FINANCIAL INFORMATION
We use PayPal and may use other payment processors to process online payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is submitted directly to the payment processor.
9. E-MAIL MARKETING
We may periodically send you relevant alerts and newsletters by e-mail. To help improve our Marketing Activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.
10. YOUR PERSONAL DATA CHOICES
You have choices in how your Personal Data is used and shared. You have the right to:
Update, access, correct and/or delete your account information;
Choose whether you wish to receive promotional and newsletter communications;
Choose whether you wish to restrict processing of your Personal Data;
Withdraw your consent, if you have given your consent to collect and process your Personal Data; and
Complain to a data protection authority about the collection and use of your Personal Data.
Deactivate your account and have certain Personal Data deleted.
Account Information: If you are a Client and have an account with us, you may update, correct, or delete your Personal Data at any time by (1) logging into your account and modifying your Personal Data, or (2) by emailing us at the email address provided in the section titled, HOW TO CONTACT US. We will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Data. We will respond to your access request within 30 days. You may deactivate your account if you wish. We may need to retain some Personal Data to comply with our policies and certain legal requirements, as set forth below.
Certain Exceptions to Deletion Request Rights: You have the right to request that we delete any of your Personal Data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Complete the transaction for which we collected the Personal Data, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Choice and Opt-Out:
We provide you the opportunity to “opt-out” of having your Personal Data used for certain purposes and instances. If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included in each newsletter or communication or by contacting us here. We offer an opportunity to opt-out of certain communications on our member profile page, or you may contact us using the information below.
You will be notified when we share your Personal Data with any third party that is not our agent/service provider, so you can make an informed choice as to whether or not to share your information with that party.
You may opt out of personalized ads anytime by deleting your browser’s cookies. For more information, please review our Cookie Notice.
Exercising Access, Data Portability and Deletion Rights: To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at firstname.lastname@example.org
Verification of Your Identity: Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Data. You may also make a verifiable consumer request on behalf of your minor child. You may make a verifiable consumer request for access or data portability twice within a 12-month period. You must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you.
11. WITHDRAWAL OF YOUR CONSENT
Where you have provided consent to process Personal Data, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You may do this by contacting us as set forth in the section titled, HOW TO CONTACT US, below.
12. RESPONSE TIMING AND FORMAT
We endeavor to respond to a verifiable consumer request within thirty (30) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
13. COOKIES NOTICE
What are cookies and why are cookies used: A cookie is a piece of data that a website can send to your browser, which may then be stored on your computer as a tag that identifies your computer. While cookies are often only used to measure website usage (such as number of visitors and duration of visit) and effectiveness (such as topics visitors are most interested in) and to allow for ease of navigation or use and, as such, are not associated with any Personal Data, they are also used at times to personalize a known visitor’s experience of a website by being associated with profile information or user preferences. Over time this information provides valuable insight to help improve the user experience.
Cookies on our Sites are generally divided into the following categories:
Necessary Cookies.These cookies are necessary to provide you with our Services and to use some of their features, such as access to secure areas. Because these cookies are strictly necessary to deliver the Services, you cannot refuse them without impacting how our Services function. These cookies do not collect identifying information about you, and they do not monitor or remember any of your internet browsing on sites other than our Sites.
Helpful Cookies.These cookies allow us to provide you with a better experience when you use our Site. For example, these cookies provide a getting started guide to interview candidates who have not used our Sites before. These cookies do not collect identifying information about you, and they do not monitor or remember any of your internet browsing on sites other than our Sites.
Analytics and Customization Cookies. These cookies collect information that is used to help us understand how our Services are being used or how effective our marketing campaigns are, or to help us customize our Services for you to enhance your experience. This data is anonymous and only used for statistical purposes, analytics cookies do not collect or share any personally identifiable information. These cookies qualify as “third-party” cookies as they are not sent directly by us.
14. YOUR CALIFORNIA PRIVACY RIGHTS
As of January 1, 2020, under the California Consumer Privacy Act (CCPA), California Residents have certain additional rights regarding their Personal Data.
If and to the extent you are a “consumer” as defined under the CCPA and that we are a “business” as defined under CCPA, the following may apply to you:
You have the right to request the following information from us by emailing us at the contact information in the section titled, HOW TO CONTACT US, and we will provide the following information to you upon verification of your identity:
The categories of Personal Data we collect about you;
The categories of sources from which your Personal Data is collected;
The business purpose for collecting your Personal Data;
The categories of third parties with whom we share your Personal Data; and
The specific pieces of Personal Data we have collected about you.
You may opt out of any marketing by us and from the disclosure of your Personal Data to third parties.
Personal Data Sales Opt-Out And Opt-In Rights: If you are 16 years of age or older, you have the right to direct us to not sell your Personal Data at any time (the “right to opt-out”). We do not sell the Personal Data of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is at least 13 but not yet 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to Personal Data sales may opt-out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by emailing email@example.com
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Data sales. However, you may change your mind and opt back into Personal Data sales at any time by contacting us. You do not need to create an account with us to exercise your opt-out rights. We will only use Personal Data provided in an opt-out request to review and comply with the request.
Non-Discrimination: If you elect to exercise any of your rights under CCPA, we will not discriminate against you for exercising any of your CCPA rights. Unless otherwise permitted by the CCPA, we will not: deny you goods or services, charge you a different price or rate for our goods or services, or provide you a different level or quality of goods or services because you exercised such rights. Under the current definition of CCPA, [Company] does not sell your Personal Data.
Other than as provided above, we may offer you certain financial incentives, as permitted by the CCPA, in exchange for your giving us certain information, which incentives may result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Data’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
15. RESIDENTS OF THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM AND SWITZERLAND
Your Personal Data will be treated in a secure and confidential manner in compliance with all applicable laws and regulations, including the European General Data Protection Regulation (“GDPR”). Depending on the context in which Personal Data is provided, GSF or SustainCERT may be a data processor (“processor”) or a data controller (“controller”) of your Personal Data. The Data Subject owns the data submitted to the Service. If the Client requests that Company remove the Personal Data, we will respond to the request within 30 days.
16. LINKS TO OTHER SITES
18. HOW TO CONTACT US