Privacy Notice
Updated 23 September 2023
Introduction
This Privacy Notice covers the handling of personal data by Frost & Sullivan Inc. and its affiliated entities, collectively known as “Frost & Sullivan” (also “we”, “our” and “us” in this document). We understand that you care about the privacy of your Information, and we take that seriously. This Privacy Notice describes our policies and practices regarding collecting and using your personal data and setting forth your privacy rights.
Contact Details
We have appointed a data protection officer (DPO) responsible for overseeing questions about this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact our Data Protection Officer at privacy@frost.com.
Changes to this Privacy Notice
We recognize that information privacy is an ongoing responsibility. We will, from time to time, update this Notice. If we make any material changes, we will notify you by posting the revised notice on our websites. Your continued use of the websites, subscription service, and continued provision of personal data to us will be subject to the terms of the then-current Privacy Notice.
How we collect and use (process) personal data?
- Visitors to our website
- Clients and business contacts
- Research subjects
- Marketing
- Recruitment
1. Visitors to our website
When you visit our website, we use third-party services to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to various parts of the website. When you complete a contact form on our website or use the email for enquiries, we will use the information given by you to provide you with an appropriate response.
1.1 Social Media Features
Our websites may include Social Media Features, such as the Facebook Like button and Widgets, the Share This button or interactive mini-programs that run on our sites. These features may collect your I.P. address, the page you are visiting on our sites, and set a cookie to enable the feature to function correctly. Social Media features and widgets are either hosted by a third party or hosted directly on our websites. Your interactions with these features are governed by the privacy policy and other policies of the companies providing them.
1.2 External Websites
Our websites provide links to other websites. We do not control and are not responsible for the content or practices of these other websites. Our provision of such links does not constitute our endorsement of these other websites, their content, their owners, or their practices. This Privacy Notice does not apply to these other websites. Those websites are subject to any privacy and other policies they may have.
1.3 Public Forums
We offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be collected and used by others. We will correct or delete any information you have posted on the websites if requested by you.
2. Clients and Business Contacts
Our clients signify businesses and their representatives who:
- Commission us to conduct market intelligence surveys
- Procure growth consultancy services from us
- Subscribe to our research reports and GPS platform
- Subscribe to the Innovation Generator tool
- Purchase a research paper and other products from our online store
- Register and attend webinar/ virtual events/ local event hosted by our sponsors or us
- Become a member of growth, leadership and innovation council; customer engagement leadership council; Oil and gas leadership council; GLOW network
2.1 What Information do we hold about our clients/ suppliers?
We may hold the following information about our clients/ suppliers:
- Contact details- name, job title, business address, business email address, business phone numbers, including mobile numbers
- Usernames and login information to our platforms
- Usage reports from these platforms
- Transaction data including details about services you have purchased from us/ provided to us
- Photograph, professional profile, areas of expertise for our networking groups
- Your videos and photographs that were taken at any of our events attended by you
- Your testimonials for our services
We may receive personal data from our clients about other individuals, e.g. their colleagues while providing our services. Any such information is used solely for such purposes and is handled strictly as per client instructions.
This data is collected and processed to fulfil our contract with you, provide you with our services, including access to our platforms. We also use your data to contact you for our research analytics.
3. Research Subjects
We conduct research and analytics on various topics to provide competitive intelligence and thought leadership services to our clients. For this purpose, we undertake research that may take the form of computer-aided telephone interviews, interactive voice response surveys, online surveys, telephone interviews, or focus group discussions.
If you are an employee/owner of an organization that we believe may have an interest in our services or those of our clients, then we may hold personal information on you like your name, job title, work telephone number and email address. We capture this data from the public domain, from speaking to someone at your company or directly communicating with you.
3.1 What Information do we collect about our research subjects?
We may collect and hold the following information about you
- Contact details: name, job title, employer name, contact email, phone number, country of residence
- Specific attributes to aid our research- age, ethnicity, confirmation about purchasing and using a particular product which may be a health product
- Call records and survey responses. Your responses and call records are only processed in a way that does not identify any individual.
3.2 How do we collect your data?
We may obtain information about research subjects via the following sources:
- Our database of customers and previous research subjects
- Publicly available information about person of interest (e.g., from Google, LinkedIn, Facebook, Twitter, news articles)
- Provided by our clients who have asked us to conduct such research
- Sourced by our approved vendors. They are required to obtain and provide us with an audit trail of your consent to share your Personal Data with us.
4. Marketing Data
We hold contact details of individuals who have expressed interest in hearing from us or have engaged with us for our past services. All direct marketing activities to such individuals shall comply with relevant privacy and regulatory requirements.
4.1 How is your personal data collected?
You may give us your personal data by
- Completing any form on Frost & Sullivan’s website or subscribing to newsletters/ e-bulletins
- Completing a form attached to corporate communications, direct marketing campaigns, whitepaper
- Registering to our webinar/ virtual events/ in-person events
- Taking part in an event sponsored by Frost & Sullivan/Frost & Sullivan’s client
- Joining any of our networking and leadership groups
- Attending analyst briefings, council webinars, E-broadcasts, Intelligent Mobility events
- Procuring any products or services from Frost & Sullivan
- Signing up to blog or submit a comment
- Completing a preference form
- Interacting with our Accounts Managers/Sales/Business development team
- Participating in research interviews
Data may also be gathered from the public domain, e.g. LinkedIn, Google, your website.
4.2 How we use your data?
We may use your data to form a view on what we think you may want or need or what may be of interest to you. We only use the data you provide to us directly for this purpose, along with the aggregated data provided to us by our analytics partners.
We strive to provide you with choices regarding specific personal data uses, particularly around marketing and advertising.
We send electronic marketing – such as email marketing – to people who have previously bought similar products from us or expressed interest in our products or services. We carry out this marketing activity based on our legitimate interests.
We will always offer a way out of receiving this marketing when you first purchase our products and in every marketing communication afterwards. We may, on occasion, send out postal marketing for growing our sales which is in our legitimate interests. You can update your marketing preferences if you do not wish to receive these communications
You may also receive marketing and events information on the email address you have made publicly available, e.g., on LinkedIn and other such platforms, if we believe this will be useful. You can unsubscribe from such emails if you don’t wish to receive them in the future.
5. Recruitment / HR
EU-U.S. Data Privacy Framework
EU and UK Individuals
Frost and Sullivan complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Frost and Sullivan has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Frost and Sullivan commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF in the context of the employment relationship.
Please read this privacy notice in full to learn about how we may share your personal data and your various rights.
All of the information you provide during the application process will only be used to process your application and also to meet legal or regulatory requirements if necessary. We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your Information outside of Frost & Sullivan controlled systems.
The Information you provide will be held by us securely. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
5.1 Application stage
All applications are submitted via our website. We ask you for:
- Username and password for our recruitment platform
- Contact details- name, address, phone number and email address
- Your previous experience- details of your education, work history, your interests, qualifications and experience
This information will only be visible to our central recruitment team and shared with the Regional hiring team. You can withdraw your application or change details by logging through our website.
5.2 Selection stage
Our hiring managers shortlist applications for interview. Information will be generated by you and by us. For example, you might complete a written test, or we might take interview notes. We hold this information to assess your suitability for the role. We will also conduct an I.D. verification and check your right to work as per local regulations before any offer letters are issued.
5.3 How long is the information retained?
If you are unsuccessful at any stage of the process, the information you have provided until that point will be archived from the date an email intimation is sent to you. The information generated throughout the assessment process, for example, interview notes, is retained by us for six months following the closure of the position. If you are successful in your application, we will retain your information per our Privacy Notice for Employees and Contractors.
Cookies on the Website
Please see our cookie declaration here: https://dev.frost.com/cookie-declaration/
When and how do we share your Personal Data?
We may share your personal data with:
- Our Global Marketing team and Research team, where we have either obtained consent or assessed that it can be processed under the legitimate interest basis.
- Our I.T. service providers and cloud service providers who provide data storage, processing, backup and retrieval services
- Any third parties (e.g., sponsors of our events and webinars) with whom you permit us to share your contact information
- Credit card processors for our e-store. We do not hold credit card details.
We remain liable in respect of any onward transfers to other third parties.
Please note that Frost and Sullivan is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
We are also obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that you have invoked binding arbitration by delivering notice to us and following the procedures and subject to conditions set forth in Annex I of Principles.
We may also be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
International Transfer of Data
Your personal information may be collected, transferred to and stored by us in the United States and by our affiliates in other countries where we operate.
Please refer to our region-specific data processing guidelines below.
EU-U.S. Data Privacy Framework
EU and UK Individuals
Frost and Sullivan complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Frost and Sullivan has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Frost and Sullivan commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
Automated Decision-making
We do not use automated decision-making concerning your personal data.
Security of your Personal Information
To help protect the privacy of data and personally identifiable information you provide, we maintain physical, technical and administrative safeguards. We update and test our security technology and controls on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your Information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
We have information security policies and procedures to protect Personal Information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures appropriate for the type and sensitivity of the data.
Data Storage and Retention
Your personal data is stored by us on our servers (in the U.S. and the U.K.) and on the servers of the cloud-based services and I.T. service providers we engage, as well as in physical forms in our office and at backup and archival facilities. We retain data as per our data retention policy and regulatory data retention requirements. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at privacy@frost.com.
Your Rights and How to Access and Manage Your Personal Information
GDPR and U.K. Data Protection Act
For the data subjects based in the E.U., EEA and the U.K., if you wish to confirm that Frost & Sullivan is processing your personal data or for accessing the personal data we may have about you, please contact us at privacy@frost.com.
You have a right to request correction of inaccurate information, deletion of Information, and to instruct us to stop or restrict the processing of your Information. If you’d like more information or would like to make such a request, please contact us at privacy@frost.com.
We verify that any data transfer outside of EEA or UK is subject to E.U. or UK adequacy requirements, Standard Contractual Clauses, UK International Data Transfer Agreements, Binding Corporate Rules or is covered under the EU-US Data Privacy Framework (EU-US DPF) and the UK Extension to the EU-UK DPF. We may transfer data necessary for the performance of a contract between us. In situations where data needs to be transferred to a country or a region where these measures do not apply, we will seek explicit consent from you before making such a transfer.
California Consumer Protection Act (CCPA)
1. What Information do we collect?
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of Personal Information from consumers within the last twelve (12) months:
- Category A – Identifiers
Examples: Name, postal address, Internet Protocol address, email address, Social Security number, or other similar identifiers.
- Category B – Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
Examples: Name, signature, address, telephone number, fax number.
- Category F – Internet or other similar network activity
Examples: Access history and Information on your interaction with our website(s).
- Category I – Professional or employment-related information
Examples: Occupation, employer information.
2. How we collect your Personal Information?
We obtain the categories of Personal Information listed above from the following types of sources:
- Directly from our clients or their agents. For example, from the Information that our clients provide to us related to the Services for which they engage us.
- Directly from you. For example, through the Information that we ask from you when our clients subscribe and engage our Services.
- Directly and indirectly from you when using our Services or visiting our website. For example, usage details collected automatically in the course of your interaction with our platform or website.
3. Sharing Personal Information
We may share your personal data with our event sponsors to meet with them at an event. Additionally, in the course of performing research or a survey, we may share summary data and statistics to convey the results of the study or survey.
4. Your rights and choices
The CCPA provides consumers (California residents) with specific rights regarding their Personal Information. This section describes your CCPA rights and explains how to exercise those rights.
We do not ‘sell’ personal information as defined under CCPA.
-
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your Personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- Our business or commercial purpose for collecting Personal Information.
- The categories of third parties with whom we share that Personal Information.
- The specific pieces of personal information we collected about you (also called a data portability request).
-
Deletion Request Rights
You have the right to request that we delete any of your personal information we collected from you and retained it, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records unless an exception applies.
We may deny your deletion request if retaining the Information is necessary for us to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech or ensure the right of another consumer to exercise their free speech rights or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the Information’s deletion may likely render impossible or seriously impair the research’s achievement if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
5. Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us at privacy@frost.com.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal Information or an authorized representative.
- Describe your request with sufficient detail that allows us to understand, evaluate, and respond to it properly.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the Personal information relates to you. A verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
6. Response Timing and Format
We endeavour to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to the registered email associated with the account. If you do not have an account with us, we will provide our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the Information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
7. Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you the use of our Services.
- Provide you with a different level or quality of Services.