Privacy Policy

 

Effective as of 5/31/2021

Previous Privacy Policies

Previous IIRC Privacy Policy
Previous SASB Privacy Policy

A printable version of this privacy policy can be downloaded here

This Privacy Policy describes how The Value Reporting Foundation (previously known as SASB, Sustainability Accounting Standards Bound, a 501c3 organization), IIRC (International Integrated Reporting Council, a global not-for-profit organization, incorporated in England and Wales) and our organizational subsidiaries and affiliates (collectively, “VRF”, “we”, “us”, or “our”) collects, uses and shares your personal information if you visit valuereportingfoundation.org, sasb.org, integratedreporting.org, or our other websites or services that link to this Privacy Policy (collectively, the “Services”), contact us, receive our communications or attend our events.

This Privacy Policy does not extend to the privacy policies of third parties. We provide important information for individuals in Europe below.

Table of Contents

• Personal Information We Collect
• How We Use Your Personal Information
• How We Share Your Personal Information
• Your Choices
• Other Sites, Mobile Applications, and Services
• Security Practices
• International Data Transfers
• Children
• Changes to this Privacy Policy
• How to Contact Us
• Your Nevada Privacy Rights
• Notice to European Users
• Cookie Policy

Personal Information We Collect

Information you provide to us. Personal information you provide to us through the Services may include:

• Contact information, such as your first and last name, email address, phone number, professional title and organization name.
• Profile information, such as your username and password and any account preferences for the Services.
• Feedback or correspondence, such as information you provide when you contact us with surveys, phone calls, questions, feedback, or otherwise correspond with us.
• Usage information, such as information about how you use the Services and interact with us, including information you provide when you use any interactive features of the Services.
• Marketing information, such as your preferences for receiving communications about our products, activities, and publications, and details about how you engage with our communications.
• Payment information, where purchasing products or services. Payment details are used solely for billing purposes by our PCI-certified payment providers. We do not store payment information on our systems, and only authorized employees at The Value Reporting Foundation can view transaction information.
• Public Comment Letters, we receive any public comment letters you provide. If you wish to not have your name associated with your comment, you can request from us that we not display your name as the source and instead we may replace your name with a description instead such as “an issuer in the extractive industries sector,” “a private investment manager holding public equities and debt,” “a sell-side industrials analyst,” and similar. To make such a request, please indicate your preference in the public comment letter.
• Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Information we obtain from social media platforms. We may maintain pages for VRF on social media platforms, such as LinkedIn, Twitter, and YouTube. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use, and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.

Information we obtain from other third parties. We may receive personal information about you from third-party sources, such as marketing partners, publicly available sources, and data providers. For example, as of the date of this policy, we partner with DonorSearch to identify and reach potential interested donors and users and with BD Consultant to identify corporate contacts, such as CFO’s and Investor Relations executives, who we believe may be interested in our offerings. DonorSearch’s privacy policy is here. BD Consultant’s privacy policy is here

Cookies and Other Information Collected by Automated Means. We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Services. The information that may be collected automatically includes your computer or mobile device operating system type and version number, manufacturer and model; device identifier; browser type; screen resolution; IP address; the website you visited before browsing to our website; general location information such as city, state or geographic area; and information about your use of and actions on the Services, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Our service providers and business partners may collect this type of information over time and across third-party websites and mobile applications. See our Cookie Policy for more information.

How We Use Your Personal Information

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:

To operate the Services. We use your personal information to:

• provide, operate, and improve the Services;
• establish and maintain your user profile on the Services;
• communicate with you about the Services, including by sending you announcements, updates, security alerts, and support and administrative messages;
• understand your interests and personalize your experience with the Services;
• provide support and maintenance for the Services; and
• respond to your requests, questions and feedback.

For research and development. We analyze use of the Services to improve the Services and to develop new products and services.

To send you marketing and promotional communications. We may send you marketing communications as permitted by law. The Value Reporting Foundation sends emails in order to keep stakeholders updated about resources that serve the business and investor community, including the Integrated Thinking Principles, Integrated Reporting Framework and/or SASB Standards. You can opt out of our marketing and promotional communications as described below.

Our legal basis for processing personal data in this way is: These updates, which are a public benefit to the business and investor community, are most effectively conveyed via email. The emails, which are directed to business and not personal email addresses, are of the customary communication expected between a nonprofit and its stakeholders.

To comply with law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Services; and (c) protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.

With your consent. In some cases, we may specifically ask for your consent to collect, use, or share your personal information, such as when required by law, carry out our obligations arising from any contracts into, process a grant or job application.

To create anonymous data. We may create aggregated and other anonymous data from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.

How We Share Your Personal Information

We do not share your personal information with third parties without your consent, except in the following circumstances or as otherwise described in this Privacy Policy:

Affiliates. We may share your personal information with our corporate subsidiaries and affiliates for purposes consistent with this Privacy Policy.

Service providers. We may share your personal information with third-party companies and individuals that provide services on our behalf or help us operate the Services (such as customer support, hosting, analytics, email delivery, marketing, and database management services).

• Amazon Web Services
• Dropbox, Inc.
• Google LLC
• Hotjar Ltd.
• HubSpot, Inc.
• Mailchimp, operated by The Rocket Science Group LLC
• Jorsek LLC (EasyDITA)
• RWS (previously SDL)
• Microsoft Corporation
• RingLead, Inc.
• Salesforce.com, LLC
• Gray Bike
• Ghost Web Design
• WPengine

These third parties may use your personal information only as authorized by their contracts with us. We engage Stripe as the payment processor to process payments if you order a paid service or product. Our payment providers represent to us that they are PCI-certified. We do not store payment information on our systems, and only authorized employees at The Value Reporting Foundation can view transaction information such as date of transaction and amounts paid.

Partners. We may sometimes share your personal information with business partners. Examples of such partnerships are but not limited to joint webinars, and joint working groups.

Other Users of the Services and the Public. We may provide functionality that enables you to disclose personal information to other users of the Services or the public. For instance, if you submit comment on a standard as part of our public comment process, we will display some information, such as your name and organization along with the content you submit. We do not control how other users, or third parties use any personal information that you make available to other users or the public by submitting a comment.

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.

Government Requests. It may be necessary − by law, legal process, litigation, and/or legally binding requests from public and governmental authorities within or outside your country of residence − for The Value Reporting Foundation to disclose your personal information. We require a subpoena or court order to provide user records to U.S. law enforcement and foreign equivalents for jurisdictions outside the U.S. In the US, we only disclose content, like the substance of your communications with us, in response to a probable cause search warrant. If we have a good faith belief that there is an emergency involving danger of death or severe physical injury, we may provide the limited information necessary to prevent that harm, if we have it. If we are ever compelled by law to disclose your information, we will notify you and give you the full details of the request before we disclose it unless prohibited by law or a court order. However, nothing in this policy is intended to limit any legal defenses or objections that you may have to a third party or government request to disclose your information.

Organizational transfers. We may transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a (potential) business transaction such as an organizational divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Your Choices

In this section, we describe the rights and choices available to all users. Users who are located within Europe can find additional information about their rights below.

Access or update your information. If you have registered for an account with us, you may review and update certain personal information in your account profile by logging into your account.

Opt out of marketing communications. You may opt out of marketing emails by following the unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.

Cookies & browser web storage. For information on how to disable cookies and similar technologies used in the Services, see our Cookie Policy.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit www.allaboutdnt.com.

Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information to provide the Services to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with the Services. We will tell you what information you must provide to receive the Services by designating it as required at the time of collection or through other appropriate means.

Other Sites, Mobile Applications, and Services

The Services may contain links to, or content or features from, other websites and online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third-party websites, mobile applications, or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use, and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

Security Practices

The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.

International Data Transfers

We are headquartered in the United States and have service providers in other countries, and your personal information may be transferred outside of your state, province, or country to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.

Children

The Services are not directed to, and we do not knowingly collect personal information from, anyone under the age of 16. If we learn that we have collected personal information of a child without the consent of the child’s parent or guardian, we will delete it. We encourage parents with concerns to contact us.

Changes to this Privacy Policy

We may amend this Privacy Policy at any time by posting the amended version on the Services and indicating the effective date of the amended version. We may announce any material changes to this Privacy Policy through the Service and/or via email if we have your email address. In all cases, your continued use of the Services after the posting of any modified Privacy Policy indicates your assent to the amended Privacy Policy.

How to Contact Us

If you have any questions or comments about this Policy or The Value Reporting Foundation’s privacy practices, email us at [email protected] You may also write to us via postal mail at:
The Value Reporting Foundation
Attn: Legal – Privacy
1045 Sansome St, Suite 450, San Francisco 94111

Your Nevada Privacy Rights

You may review and request changes to your information or delete personal information by contacting us at [email protected] . Details on how to opt out of cookie tracking is provided in the Cookie policy section.

Notice to European Users

The information provided in this section applies only to individuals in the European Economic Area and United Kingdom (collectively, “Europe”).

Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Controller and Representative. [The Value Reporting Foundation – UK]. is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation.

Legal bases for processing. The legal bases of our processing of your personal information as described in this Privacy Policy will depend on the type of personal information and the specific context in which we process it. However, the legal bases we typically rely on are set out in the table below. We rely on our legitimate interests as our legal basis only where those interests are not overridden by the impact on you (unless we have your consent, or our processing is otherwise required or permitted by law). If you have questions about the legal basis of how we process your personal information, contact us at [email protected]

Processing purpose	Legal basis
Details regarding each processing purpose listed below are provided in the section above titled “How We Use Your Personal Information”.
To operate the Services	Processing is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the Services you access and request.
For research and development To send you marketing communications To create anonymous data	We use your data to provide you with information and updates about our work and Services. Specifically, we use your data to: Provide, update, maintain and protect our Services and business. For example, we make it easier to share and collaborate by storing your contacts and making them available for you to use. Communicate with you by responding to your requests, comments, and questions. If you contact us with questions or concerns about the Services, we may use your personal information to respond. Send you emails and other communications. We may contact you about important changes to our Services and Service-related notices. These communications are considered part of The SASB Foundation’s services and you may not opt out of them. Understand how you use our Services and improve them. Send you marketing emails and other communications in certain instances. Investigate and prevent security issues and abuse of The Value Reporting Foundation services or The Value Reporting Foundation users.
To comply with law	Processing is necessary to comply with our legal obligations.
With your consent	Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.

Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.

Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., social security number, government-issued identification, payment card information, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) on or through the Services, or otherwise to us.

Retention. We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested; to comply with applicable legal, tax or accounting requirements; to establish or defend legal claims; or for fraud prevention). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Your rights. European data protection laws give you certain rights regarding your personal information. If you are located within Europe, you may ask us to take the following actions in relation to your personal information that we hold:

• Access. Provide you with information about how we process your personal information and give you access to your personal information.
• Correct. Update or correct inaccuracies in your personal information.
• Delete. Delete your personal information.
• Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
• Restrict. Restrict the processing of your personal information.
• Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.

Please contact us to submit these requests. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.

Cross-Border Data Transfer
If we transfer your personal information from the European Economic Area to a country outside of it and are required to apply additional safeguards to your personal information under European data protection legislation, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.

Cookie Policy

This Cookie Policy explains how The Value Reporting Foundation (previously known as SASB, Sustainability Accounting Standards Bound, a 501c3 organization, IIRC (International Integrated Reporting Council, a global not-for-profit organization, incorporated in England and Wales)) and our corporate subsidiaries and affiliates (collectively, “VRF”, “we”, “us” or “our”) uses cookies and similar technologies in connection with valuereportingfoundation.org and any other website that we own or control and which posts or links to this Cookie Policy (collectively, the “Sites”).

What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies serve different purposes, like helping us understand how a site is being used, letting you navigate between pages efficiently, remembering your preferences and generally improving your browsing experience.

Our Sites may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer or mobile device until you delete them).

We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Sites; and (2) third -party cookies, which are served by service providers or business partners on our Sites, and can be used by these parties to recognize your computer or mobile device when it visits other websites. Third party cookies can be used for a variety of purposes, including site analytics, advertising and social media features.

On the Sites, we use cookies and similar technologies in the following categories described in the table below.

Type	Description	Who serves the cookies? (link to privacy policy/site)	How to control them
Analytics	These cookies help us understand how our Services is performing and being used. These cookies may work with web beacons included in emails we send to track which emails are opened and which links are clicked by recipients.	Google Analytics HubSpot Hotjar	Google Analytics uses its own cookies. You can find out more information about Google Analytics cookies here and about how Google protects your data here.  You can prevent the use of Google Analytics relating to your use of our Sites by downloading and installing a browser plugin available here. HubSpot Tracking Cookie – For more information, click here Hotjar Tracking Code – For more information, click here. You can opt out here
Essential	These cookies are necessary to allow the technical operation of our Services (e.g., they enable you to move around on a website and to use its features).	HubSpot	HubSpot Tracking Cookie – For more information, click here
Functionality/performance	These cookies enhance the performance and functionality of our Services.	Google Tag Manager	For more information click here.

Other technologies. In addition to cookies, our Sites may use other technologies, such as Flash technology and pixel tags to collect information automatically.

• Browser Web Storage. We may use browser web storage (including via HTML5), also known as locally stored objects (“LSOs”), for similar purposes as cookies. Browser web storage enables the storage of a larger amount of data than cookies. Your web browser may provide functionality to clear your browser web storage.
• Web Beacons. We may also use web beacons (which are also known as pixel tags and clear GIFs) on our Sites and in our HTML formatted emails to track the actions of users on our Sites and interactions with our emails. Unlike cookies, which are stored on the hard drive of your computer or mobile device by a website, pixel tags are embedded invisibly on webpages or within HTML formatted emails. Pixel tags are used to demonstrate that a webpage was accessed or that certain content was viewed, typically to measure the success of our marketing campaigns or engagement with our emails and to compile statistics about usage of the Sites, so that we can manage our content more effectively.

Your choices
Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Sites may not work properly.

For more information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org. If you do not accept our cookies, you may experience some inconvenience in your use of our Sites.

Users may opt out of receiving targeted advertising on websites through members of the Network Advertising Initiative by clicking here or the Digital Advertising Alliance by clicking here. European users may opt out of receiving targeted advertising on websites through members of the European Interactive Digital Advertising Alliance by clicking here, selecting the user’s country, and then clicking “Choices” (or similarly-titled link. Please note that we also may work with companies that offer their own opt-out mechanisms and may not participate in the opt-out mechanisms above.

If you choose to opt out of targeted advertisements, you will still see advertisements online but they may not be relevant to you. Even if you do choose to opt out, not all companies that serve online targeted advertising are included in this list, and so you may still receive some cookies and tailored advertisements from companies that are not listed.

Changes
Information about the cookies we use may be updated from time to time, so please check back on a regular basis for any changes.

Questions
If you have any questions about this Cookie Policy, please contact us at [email protected].