The ‘Terms and Conditions’ originally set out at SRI-CONNECT’s launch cover the vast majority of the conditions under the EU GDPR regulation. However, there are a few things that we believe we have been doing – but haven’t communicated or have tightened up recently.
We’ve decided that the best way to keep our communications on these readable is to keep them short and to the point.
So, in bullets, these are the things that we are required, by law, to tell you:
- The name and contact details of our organisation
- SRI-CONNECT Ltd - a limited company registered in England and Wales at 32 Oakley Road, Reading RG4 7RL with registration number 7254089
- The purposes of the processing
- We process personal data for the purposes of running the SRI-CONNECT network, improving the efficiency of communications and research flow between individuals within the SRI & corporate governance industry and keeping other professionals with an exposure to sustainable investment and corporate governance updated with research, best practice and developments in the industry.
- The lawful basis for the processing
- In GDPR terms, we process personal data on a 'Legitimate interests' basis.
- The legitimate interests for the processing.
- Our ‘legitimate interest’ - in respect of registered users of SRI-CONNECT is that the holding, tightening and display of proportionate personal data is needed to enable the functioning of a professional industry network such as SRI-CONNECT.
- Our ‘legitimate interest’ – in respect of other industry professionals who have not registered as active participants in SRI-CONNECT – is that their professional role (as an SRI Analyst, Corporate Governance Analyst, Investor Relations Manager or Sustainability Manager) requires them to keep abreast of trends within the industry. For such individuals, we retain and process the very limited data (name, role, firm and email address) that enables us to update them periodically on activity within the largest global online network (SRI-CONNECT) in their professional sphere of activity.
- The categories of personal data obtained (if the personal data is not obtained from the individual it relates to).
- Very little – but see ‘Other sources’ below
- The recipients or categories of recipients of the personal data.
- Information that users of SRI-CONNECT put in their profile can be viewed by and may be shared with other users of the site.
- See below for formats in which data is shared.
- Currently – as with many social networks – the fact that an individual is a member of the network is visible via an internet search (name, role, firm). Typically, it appears in search results just below your LinkedIn profile and your company’s announcement that they have appointed you. We will never make more details available than this and are considering whether to tighten it … to make all profile information invisible.
- The details of transfers of the personal data to any third countries or international organisations (if applicable).
- Beyond what can be seen in professional profiles, we don’t share any personal data with anyone outside the SRI-CONNECT network.
- The retention periods for personal data
- We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm for unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. By law we have to keep basic information about users we have a customer/supplier relationship with (including Contact, Identity, Financial and Transaction Data) for seven years after the original transaction date. In practice this means that:
- For subscriber users or purchasers of reports/other services: a minimum of seven 7 years for information that is necessary for legal compliance
- For registered users: For as long as the user remains a member of the network
- For unregistered users: For as long as they have an active professional interest in sustainable investment or corporate governance.
- The rights available to individuals in respect of the processing.
- These are available on request
- The right to withdraw consent.
- You have that right. Just let us know. (
This email address is being protected from spambots. You need JavaScript enabled to view it. ) - The right to lodge a complaint with a supervisory authority.
- You have that right. Report a concern to the ICO … but please do report your concern to us first. We would be massively disappointed in ourselves at so many levels if you ever feel the need to even consider this.
- The source of the personal data (if the personal data is not obtained from the individual it relates to).
- See ‘Other Sources’ below
- The details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if the personal data is collected from the individual it relates to).
- You are under no obligation to supply us with anything.
- The details of the existence of automated decision-making, including profiling (if applicable).
- None of this happening.
Other Sources
We encourage all users of the site to keep their professional profile on SRI-CONNECT updated to ensure that they are accurately represented in the industry … but not everyone does this … or remembers to do this when they move firms. To avoid misrepresentation, we contact individuals when we become aware of errors / gaps in their profiles and also update profiles (City, Role, Firm only) where we can find that the individual has consented to put this information in the public domain (i.e. via a statement from a new employer or by updating their LinkedIn profile)