SUSTAINCERT PRIVACY POLICY
Effective: October 7, 2021
SustainCERT (“SustainCERT”) is committed to protecting your privacy and providing a safe online experience. This Privacy Policy applies to the website located at https://wordpressmu-984160-3576819.cloudwaysapps.com/ and any other web properties and mobile apps which are owned or operated by SustainCERT (each individually a “Site” and collectively, the “Site(s)“). This Privacy Policy (“Privacy Policy” or “Policy”) informs you of important information about how SustainCERT (“we,” “us” or “our”) processes the personal data that we collect in online and offline formats, the privacy practices we undertake, the types of data we collect, how we use and secure that data, and how long we retain that data.
Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, you should not use our Site and/or Services (defined below).
By using our Site and Services (defined below), you expressly give your consent for the collection and use of your Personal Data (defined below) in compliance with this Privacy Policy.
This Policy may change from time to time (see Updates to This Privacy Policy). Your continued use of this Site after we make changes is deemed to be acceptance of those changes, so please check the Policy periodically for updates.
When we use the term, “Personal Data,” we mean information or data that directly or indirectly identifies, describes, relates to or is reasonably capable of being associated with or can reasonably link to a particular individual, consumer or household.
When we use the term, “Client(s),” we mean those individuals or organizations that purchase our Services, are members of our platform, and/or are stakeholders or partners in our projects.
When we use the term “Service(s)” we mean to refer collectively to:
1. HOW WE COLLECT YOUR PERSONAL DATA
We may collect your Personal Data through different means, when you:
It is up to you whether you want to provide us with information or authorize third parties to provide us with information. When we ask you to provide information, you can decline and still visit the Site to learn more about us and what we do. However, if you choose not to provide information to us, we may be unable to provide you our Services. This Privacy Policy does not apply to any third-party sites that may link to or be accessible from the Site.
2. TYPES OF PERSONAL DATA WE COLLECT
We may collect the following types of Personal Data:
Types of Information You May Provide to Us:
If you submit any Personal Data to us relating to other people, you represent that you have the authority to do so and permit us to use the information in accordance with this Privacy Policy. By submitting Personal Data, you grant SustainCERT the right to transmit, monitor, retrieve, store and use your information in connection with the operation of the Site.
Types of Information We Collect Through Technology: When you use our Site, we use technology, including Google Analytics, to gather information on how visitors are using the Site and Services. Specifically, we may gather information about the following:
An IP address is a number automatically assigned to your computer whenever you access the Internet. IP addresses allow computers (including mobile devices and tablets) and servers to recognize and communicate with one another. We collect IP address information so that we can properly manage our system and gather information about how our site is being used. This includes the device type and browser you are using, location data, the pages you are viewing and your interactions on the page. Your IP address may be associated with records containing Personal Data. We collect details of visits to our Site, including the volume of traffic received, logs and the resources that you have accessed. We may also collect certain location information such as your mobile device’s GPS signal, or information about nearby WiFi access points and cell towers. (Please also see our “Cookies Notice“.)
Types of Information We Collect From Third Parties: We may collect information from third parties to help us provide Services, for example, information to verify programs and practices for certification, which when combined with other data, may constitute Personal Data.
3. HOW AND WHY WE USE YOUR INFORMATION
We only collect the information reasonably necessary to respond to inquiries about our Services, to provide you the Services, to carry out our operations, as required by law, and for other legitimate business purposes, under applicable laws. Because the principal purpose of the collection your personal data is to offer you a safe, optimum, efficient and personalized experience, you agree and accept that we may use your personal data to for the legitimate business purposes listed below:
We do not monitor or profile visitors to our Site or collect, in any automated manner, any special categories of sensitive Personal Data about you. No automated decision-making, including profiling, is used when processing your Personal Data.
Additional Uses of Personal Data:
In addition to the uses described above, we may use your Personal Data for the following purposes if you become a Client or authorized user. Some of these uses may, under certain circumstances be based on your consent, may be necessary to fulfill our contractual commitments to you, or are necessary to serve our legitimate interests in the following business operations:
4. HOW WE SHARE AND DISCLOSE PERSONAL DATA
We may disclose aggregated information that does not identify any individual (and therefore, is not deemed to be Personal Data) without restriction. We share Personal Data with the following categories of recipients:
Third-party Vendors: Your Personal Data will only be shared with and processed by our affiliates and non-affiliated third-party service providers as permitted by law and for the purposes described in this Privacy Policy. We may disclose Personal Data to certain non-affiliated specialized service providers, including professional advisors, consultants, technical service providers, and other third parties, who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which we disclose it to them. We may disclose your Personal Data to third-party service providers to provide us with services such as Site hosting, including information technology and telephony services, and related infrastructure, customer service, e-mail delivery, auditing and other similar services.
A list of third-party vendors and sub-processors is provided below:
Affiliates: We may share your information with our parent company, The Gold Standard Foundation.
Business Transfers: When applicable, we may share your information in connection with a substantial corporate transaction, such as a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
With Your Consent or at Your Direction: We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction.
Other Legal Reasons: In addition, we may use or disclose your Personal Data as we deem necessary or appropriate: (1) under applicable law; (2) to respond to requests from public and government authorities including public and government authorities; (3) to pursue available remedies or limit damages we may sustain; (5) to protect our operations or those of any of our affiliates; (6) to protect the rights, privacy, safety or property of SustainCERT, our affiliates, you and others; and (7) to enforce our Terms and Conditions.
SustainCERT keeps Personal Data on file, but does not sell your information to third parties unless required to do so by legal, judicial or governmental proceedings, or to provide the Services requested.
5. DATA SECURITY
We use reasonable organizational, technical and administrative measures to maintain the privacy and security of your Personal Data within our organization. Accordingly, we prevent unauthorized access by a secure firewall and use of security technologies to protect the integrity and privacy of any Personal Data you provide. Although we work hard to protect your Personal Data, we cannot guarantee the security of any information you transmit to us through online forms and applications, and you do so at your own risk. The Site is not designed to store sensitive Personal Data and you should not use the Site for that purpose. Please note that email is considered a nonencrypted (and therefore nonsecure) form of communication, and it can be accessed and viewed by others without your knowledge and permission. For that reason, to protect your privacy, please do not use email to communicate information that you consider confidential. Unfortunately, no data transmission or storage system can be guaranteed to be secure at all times. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact Us” section below. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
We are not responsible for any outcome if you circumvent any privacy settings or security measures. You are responsible for choosing a password of appropriate strength, not sharing or reusing passwords used on other websites, and keeping your password confidential. Our employees will never ask for your password.
6. RETENTION OF PERSONAL DATA
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy and in order to provide you the Services, and for as long as your account is active or as needed to provide you Services. We will also retain your information to comply with our legal obligations, to conduct audits, resolve disputes, and enforce of our agreements.
7. CAPACITY / CHILDREN
This Site is only intended for individuals who are at least 18 years of age. We are committed to complying with the Children’s Online Privacy Protection Act (COPPA). Our Service is not directed to children under the age of 13 and children under the age of 13 are not to use the Site or provide any information to our Service without express parental consent. We do not knowingly collect Personal Data from children under the age of 13. If we receive Personal Data that we discover was provided by a child under the age of 13, we will promptly destroy such information.
California residents under 16 years of age may have additional rights regarding the collection and sale of their Personal Data. Please see YOUR CALIFORNIA PRIVACY RIGHTS for more information.
8. FINANCIAL INFORMATION
We use PayPal and may use other payment processors to process online payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is submitted directly to the payment processor.
9. E-MAIL MARKETING
We may periodically send you relevant alerts and newsletters by e-mail. To help improve our Marketing Activities, we often receive a confirmation when you open an e-mail or click on a link included in one of these emails, if your computer supports such capabilities. Instructions on how to unsubscribe from these alerts and newsletters are included in each e-mail.
10. YOUR PERSONAL DATA CHOICES
You have choices in how your Personal Data is used and shared. You have the right to:
Account Information: If you are a Client and have an account with us, you may update, correct, or delete your Personal Data at any time by (1) logging into your account and modifying your Personal Data, or (2) by emailing us at the email address provided in the section titled, HOW TO CONTACT US. We will provide you with information about whether we hold, or process on behalf of a third party, any of your Personal Data. We will respond to your access request within 30 days. You may deactivate your account if you wish. We may need to retain some Personal Data to comply with our policies and certain legal requirements, as set forth below.
Certain Exceptions to Deletion Request Rights: You have the right to request that we delete any of your Personal Data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Data from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Choice and Opt-Out:
Exercising Access, Data Portability and Deletion Rights: To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by emailing us at help@sustain-cert.com
Verification of Your Identity: Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Data. You may also make a verifiable consumer request on behalf of your minor child. You may make a verifiable consumer request for access or data portability twice within a 12-month period. You must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you.
11. WITHDRAWAL OF YOUR CONSENT
Where you have provided consent to process Personal Data, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You may do this by contacting us as set forth in the section titled, HOW TO CONTACT US, below.
12. RESPONSE TIMING AND FORMAT
We endeavor to respond to a verifiable consumer request within thirty (30) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
13. COOKIES NOTICE
What are cookies and why are cookies used: A cookie is a piece of data that a website can send to your browser, which may then be stored on your computer as a tag that identifies your computer. While cookies are often only used to measure website usage (such as number of visitors and duration of visit) and effectiveness (such as topics visitors are most interested in) and to allow for ease of navigation or use and, as such, are not associated with any Personal Data, they are also used at times to personalize a known visitor’s experience of a website by being associated with profile information or user preferences. Over time this information provides valuable insight to help improve the user experience.
How we use Cookies: We use cookies and related technologies (“Cookies”) to provide Services, gather information when users navigate through the Sites to enhance and personalize the experience, to understand usage patterns, and to improve our Sites, products, and Services.
Cookies on our Sites are generally divided into the following categories:
How to Control Cookies: You can review your Internet browser settings, typically under the sections “Help” or “Internet Options,” to exercise choices you have for certain Cookies. If you choose to block all cookies, you may not have access to our Site, our Services will not function as intended, and you will not be able to log in. If you have blocked all cookies and wish to make full use of the features and Services we offer, we recommend enabling at least first-party cookies. Rather than blocking all cookies, you can choose to block only third-party cookies. This will allow our Services to function as intended. To learn more about the use of Cookies by Google for analytics see https://policies.google.com/technologies/cookies. To exercise choice regarding those Cookies, please see the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout. The opt-outs described above are device- and browser-specific and may not work on all devices.
14. YOUR CALIFORNIA PRIVACY RIGHTS
As of January 1, 2020, under the California Consumer Privacy Act (CCPA), California Residents have certain additional rights regarding their Personal Data.
If and to the extent you are a “consumer” as defined under the CCPA and that we are a “business” as defined under CCPA, the following may apply to you:
You have the right to request the following information from us by emailing us at the contact information in the section titled, HOW TO CONTACT US, and we will provide the following information to you upon verification of your identity:
In addition, please check the following sections of this Privacy Policy: TYPES OF PERSONAL DATA WE COLLECT, HOW AND WHY WE USE YOUR INFORMATION, and HOW WE SHARE AND DISCLOSE PERSONAL DATA.
You may opt out of any marketing by us and from the disclosure of your Personal Data to third parties.
Personal Data Sales Opt-Out And Opt-In Rights: If you are 16 years of age or older, you have the right to direct us to not sell your Personal Data at any time (the “right to opt-out”). We do not sell the Personal Data of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the consumer who is at least 13 but not yet 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to Personal Data sales may opt-out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by emailing help@sustain-cert.com
Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorize Personal Data sales. However, you may change your mind and opt back into Personal Data sales at any time by contacting us. You do not need to create an account with us to exercise your opt-out rights. We will only use Personal Data provided in an opt-out request to review and comply with the request.
Non-Discrimination: If you elect to exercise any of your rights under CCPA, we will not discriminate against you for exercising any of your CCPA rights. Unless otherwise permitted by the CCPA, we will not: deny you goods or services, charge you a different price or rate for our goods or services, or provide you a different level or quality of goods or services because you exercised such rights. Under the current definition of CCPA, [Company] does not sell your Personal Data.
Other than as provided above, we may offer you certain financial incentives, as permitted by the CCPA, in exchange for your giving us certain information, which incentives may result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Data’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
15. RESIDENTS OF THE EUROPEAN ECONOMIC AREA, UNITED KINGDOM AND SWITZERLAND
Your Personal Data will be treated in a secure and confidential manner in compliance with all applicable laws and regulations, including the European General Data Protection Regulation (“GDPR”). Depending on the context in which Personal Data is provided, GSF or SustainCERT may be a data processor (“processor”) or a data controller (“controller”) of your Personal Data. The Data Subject owns the data submitted to the Service. If the Client requests that Company remove the Personal Data, we will respond to the request within 30 days.
In addition, please check the following sections of this Privacy Policy: TYPES OF PERSONAL DATA WE COLLECT, HOW AND WHY WE USE YOUR INFORMATION, and HOW WE SHARE AND DISCLOSE PERSONAL DATA, YOUR PERSONAL DATA CHOICES, WITHDRAWAL OF YOUR CONSENT.
If you have any questions or concerns regarding this Privacy Policy or our privacy practices, including the processing of your Personal Data, if you would like to exercise your data rights under applicable laws, or if you believe your privacy rights have been violated, please contact us as provide in the section titled, HOW TO CONTACT US, below.
16. LINKS TO OTHER SITES
Occasionally we may provide links to other sites for your convenience and information. These sites operate independently from our Sites and are not under our control. These sites may have their own privacy notices or terms of use, which you should review if you visit any sites linked through our Sites. We are not responsible for the content or use of these unrelated sites.
17. UPDATES TO THIS PRIVACY POLICY
We may change this Privacy Policy from time to time, and at our sole discretion. We encourages visitors to frequently check this page for any changes to this Privacy Policy.
18. HOW TO CONTACT US
If you have any queries, questions or concerns about this Privacy Policy or our Personal Data handling practices, please contact us as provided below: