We take the privacy of our users and the protection of any information that is personal to them very seriously. This protection is a responsibility that we share with you.
The SUSTAINABLE IR website at https://sustainable-ir.com (the Site) is operated by SRI-CONNECT Limited who is the controller of and responsible for your personal data. This privacy notice provides information on how we collect and process your personal data when you visit the Site including when you respond to studies/questionnaires published on the Site. It is important that you read this privacy notice together with our Privacy Policy which can be accessed here
Our responsibilities
In order to secure your personal information, we have taken reasonable steps to safeguard the information you provide to us:
- Your user account can only be accessed using your username and password.
- Sensitive data (such as credit card information) is protected by SSL (Secure Socket Layer) encryption when it is exchanged between your web browser and the SUSTAINABLE IR website.
- All information you provide to us, including your personal information, is stored in a tier-one secured-access data centre.
- To protect any data stored on our servers, SRI-CONNECT also regularly audits its system for possible vulnerabilities and attacks, and we use a tier-one secured-access data centre.
However, no data transmission over the Internet can be guaranteed to be completely secure; accordingly, we cannot ensure or warrant the security of any information you transmit to SUSTAINABLE IR. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
Data protection
SUSTAINABLE IR complies with the principles of the United Kingdom Data Protection Act 2018 and the GDPR when dealing with data received from visitors to our site.
We only hold data which is necessary to perform the research studies and offer the services provided on our website. Users’ access and IP addresses automatically recognised by the web server may be logged for analytical and statistical purposes.
Users may decline to receive mailings or marketing information. Any links within this site to other websites are not covered by this policy.
Your responsibilities
Keeping data secure – your obligations
It is your responsibility to protect the security of your login information. At all times, you agree to:
- keep your password secure and confidential;
- not permit others to use your account;
- refrain from using other users’ accounts;
- refrain from selling, trading, or otherwise transferring your SUSTAINABLE IR account to another party;
- refrain from charging anyone for access to any portion of the SUSTAINABLE IR website, or any information contained therein; and
- maintain no more than one SUSTAINABLE IR account at any given time.
You also agree to:
- immediately notify us of any unauthorised use of your password or account designation or any other breach of security, and
- ensure that you exit from your account whenever completing a session on the SUSTAINABLE IR site.
SRI-CONNECT shall not be liable for any loss or damage arising from your failure to comply with these requirements.
You should report any suspected security violations to us at: This email address is being protected from spambots. You need JavaScript enabled to view it.
Information control
You are responsible for all activity occurring through your account until you request that it be closed down or until such time as you can prove that your account security has been compromised through no fault of your own.
To close your account, you can request this via your profile which is accessed by clicking on the 'Your Profile' button when you are logged in. Alternatively, please contact This email address is being protected from spambots. You need JavaScript enabled to view it.
GDPR compliance information
There are the things that we are required, by the Data Protection Act 2018, the GDPR and other privacy/personal information laws, to tell you:
- The name and contact details of our organisation
- SRI-CONNECT Ltd - a limited company registered in England and Wales at 32 Oakley Road, Reading RG4 7RL with registration number 7254089
- The purposes of the processing
- We process personal data for the purposes of running the SRI-RESEARCH website and the wider SRI-CONNECT network, conducting research studies, improving the efficiency of communications and research flow between individuals within the SRI & corporate governance industry and keeping other professionals with an exposure to sustainable investment and corporate governance updated with research, best practice and developments in the industry.
- Change of purpose
- We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
- If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
- Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- The lawful basis for the processing
- In GDPR terms, we process personal data on a 'Legitimate interests' basis.
- The legal basis for the processing.
- We process based on our ‘legitimate interest’ - in respect of registered users of the SRI-RESEARCH website this is that the holding, processing and display of proportionate personal data is needed to enable the functioning of the surveys conducted by SRI-CONNECT Ltd. via the SRI-RESEARCH website.
- The categories of personal data obtained (
- We only collect, use, store and transfer personal data provided by you as follows:
- Identity Data (first name, last name, username or similar identifier, title [date of birth] and gender.
- Contact Data (email address, telephone numbers, postal address).
- Technical Data includes [internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website].
- Profile Data includes [your username and password, your feedback and survey responses].
- Usage Data includes [information about how you use our Site].
- Marketing and Communications Data includes [your preferences in receiving marketing from us and our third parties and your communication preferences].
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
- The recipients or categories of recipients of the personal data.
- Information that users of the SRI-RESEARCH website put in their profile or in responses to surveys can be viewed by SRI-CONNECT Ltd as data controller and its data processors.
- Responses to surveys (but not users’ contact details) may be disclosed to our research partner SustainAbility Ltd in accordance with the permissions granted by you at the point of registering to participate in a survey
- The details of transfers of the personal data to any third countries or international organisations (if applicable).
- All personal data is retained within SRI-CONNECT Ltd and the SRI-RESEARCH website. Survey results completed by SRI-RESEARCH users may be distributed either as entered or aggregated (in accordance with the permissions granted by you at the point of registering to participate in a survey) as part of research reports prepared by SRI-Connect either independently or for its clients.
- The retention periods for personal data
- We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm for unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. By law we have to keep basic information about users we have a customer/supplier relationship with (including Contact, Identity, Financial and Transaction Data) for seven years after the original transaction date. In practice this means that:
- For subscriber users or purchasers of reports/other services: a minimum of seven 7 years for information that is necessary for legal compliance
- For registered users: For as long as the user remains a member of the network
- The rights available to individuals in respect of the processing.
- Under certain circumstances, you have rights under data protection laws in relation to your personal data:
- Request access to your personal data (a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of your personal data.
- Request erasure of your personal data where there is no good reason for us continuing to process it; where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and you feel the processing impacts on your fundamental rights and freedoms..
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent..
- If you wish to exercise any of the rights set out above just let us know. (This email address is being protected from spambots. You need JavaScript enabled to view it.)
- You have the right to lodge a complaint with a supervisory authority. Report a concern to the ICO… but please do report your concern to us first. We would be massively disappointed in ourselves at so many levels if you ever feel the need to even consider this.
- Under certain circumstances, you have rights under data protection laws in relation to your personal data:
- The details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if the personal data is collected from the individual it relates to).
- You are under no obligation to supply us with anything.
- The details of the existence of automated decision-making, including profiling (if applicable).
- None of this happening.
- We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm for unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. By law we have to keep basic information about users we have a customer/supplier relationship with (including Contact, Identity, Financial and Transaction Data) for seven years after the original transaction date. In practice this means that: