The Committee on Sustainability Assessment, COSA (“COSA”) is committed to maintaining robust privacy protections for its users. Our Privacy Policy (“Privacy Policy”) is designed to help you understand how we collect, use and safeguard the information you provide to us and to assist you in making informed decisions when using our Service.
For purposes of this Agreement, “Site” refers to COSA’s website, which can be accessed at https://www.thecosa.org or through any of our subdomains or applications related.
“Service” refers to COSA’s services accessed via the Site, in which users can access information, download our materials such as indicators, reports, and news, subscribe to our newsletter, and contact us.
The terms “we,” “us,” and “our” refer to COSA. “You” refers to you, as a user of our Site or our Service.
By accessing our Site or our Service, you accept our Privacy Policy and Terms of Use, and you consent to our collection, storage, use, and disclosure of your Personal Information as described in this Privacy Policy.
I. INFORMATION WE COLLECT
We collect “Non-Personal Information” and “Personal Information.” Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. Personal Information includes your email, name, and country, which you submit to us through the registration process at the Site.
Information collected via Technology. To activate the Service you do not need to submit any Personal Information other than your name and email address. To use the Service thereafter, you do not need to submit further Personal Information. However, in an effort to improve the quality of the Service, we track information provided to us by your browser or by our software application when you view or use the Service, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you.
Information you provide us by registering for an account. In addition to the information provided automatically by your browser when you visit the Site, to become a subscriber to the Service you will need to create a personal profile. You can create a profile by registering with the Service and entering your email address and creating a user name and a password. By registering, you are authorizing us to collect, store and use your email address in accordance with this Privacy Policy
Children’s Privacy. The Site and the Service are not directed to anyone under the age of 13. The Site does not knowingly collect or solicit information from anyone under the age of 13, or allow anyone under the age of 13 to sign up for the Service. In the event that we learn that we have gathered personal information from anyone under the age of 13 without the consent of a parent or guardian, we will delete that information as soon as possible. If you believe we have collected such information, please contact us at [email protected]
II. HOW WE USE AND SHARE INFORMATION
Personal Information. Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent or otherwise share for marketing purposes your Personal Information with third parties without your consent. We do share Personal Information with vendors who are performing services for COSA, such as the servers for our email communications who are provided access to user’s email address for purposes of sending emails from us. Those vendors use your Personal Information only at our direction and in accordance with our Privacy Policy.
In general, the Personal Information you provide to us is used to help us communicate with you. For example, we use
Personal Information to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about promotional offers.
We may share Personal Information with outside parties if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to meet any applicable legal process or enforceable governmental request; to enforce applicable Terms of Service, including investigation of potential violations; address fraud, security or technical concerns; or to protect against harm to the rights, property, or safety of our users or the public as required or permitted by law
Non-Personal Information. In general, we use Non-Personal Information to help us improve the Service and customize the user experience. We also aggregate Non-Personal Information in order to track trends and analyze use patterns on the Site. This Privacy Policy does not limit in any way our use or disclosure of Non-Personal Information and we reserve the right to use and disclose such Non-Personal Information to our partners and other third parties at our discretion.
In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy. If our information practices change at any time in the future, we will post the policy changes to the Site so that you may opt out of the new information practices. We suggest that you check the Site periodically if you are concerned about how your information is used.
III. HOW WE PROTECT INFORMATION
We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and Secure Socket Layer (SSL) technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By using our Service, you acknowledge that you understand and agree to assume these risks. COSA securely stores your data on servers located in Canada and the US. We will keep your personal data for as long as service is available, for the purpose of using the service, or until you ask us to remove it. In the event of a data breach, we will notify you within 72 hours of learning of the event.
IV. YOUR RIGHTS REGARDING THE USE OF YOUR PERSONAL INFORMATION
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access – You have the right to request COSA for copies of your personal data. We may charge you a small fee for this service.
- The right to rectification – You have the right to request that COSA correct any information you believe is inaccurate. You also have the right to request Our Company to complete information you believe is incomplete.
- The right to erasure – You have the right to request that COSA erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that COSA restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to COSA’s processing of your personal data, under certain conditions.
- If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: [email protected]
You have the right at any time to prevent us from contacting you for marketing purposes. When we send a promotional communication to a user, the user can opt out of further promotional communications by following the unsubscribe instructions provided in each promotional email. You can also indicate that you do not wish to receive marketing communications from us using the opt-out link in our email communication to you. Please note that notwithstanding the promotional preferences you indicate by either unsubscribing or opting out, we may continue to send you administrative emails including, for example, periodic updates to our Privacy Policy.
V. LINKS TO OTHER WEBSITES
As part of the Service, we may provide links to or compatibility with other websites or applications. However, we are not responsible for the privacy practices employed by those websites or the information or content they contain. This Privacy Policy applies solely to information collected by us through the Site and the Service. Therefore, this Privacy Policy does not apply to your use of a third party website accessed by selecting a link on our Site or via our Service. To the extent that you access or use the Service through or on another website or application, then the privacy policy of that other website or application will apply to your access or use of that site or application. We encourage our users to read the privacy statements of other websites before proceeding to use them.
VI. LINKS TO THIRD-PARTY SITES
This notice does not apply to any third-party sites that may link to, or be accessible from, our sites such as our newsletter provider and payment processor. Your interactions with these sites are governed by the third parties’ applicable privacy notices, statements, or policies. We encourage you to read them.
VII. COOKIES AND SIMILAR TECHNOLOGIES
COSA may use both persistent and session cookies; persistent cookies remain on your computer after you close your
session and until you delete them, while session cookies expire when you close your browser. For example, we store a persistent cookie to track emails, names, activities on our sites through site analysis software (e.g., Google analytics) and web security middleware (e.g. Cloudflare).
This notice describes the different types of cookies and similar technologies we may use in connection with our sites. Unless you have adjusted your browser setting so that it will refuse cookies, cookies may be issued when you visit our sites. By continuing to use our sites, you consent to the relevant cookies and similar technologies being placed on your computer or device.
Cookies and Similar Technologies we use. Our sites may use cookies, which are small text files stored on your computer or device when you access a website. More information about cookies is available at www.aboutcookies.org. We use cookies to remember you and your preferences and help us understand how you engage with our sites.
Click-through URLs. If you “opt in” to receive newsletters, updates, or other information from us, our emails may use a “clickthrough URL” linked to content on our sites. When you click one of these URLs, they pass through a separate web server before arriving at the destination page on our sites. We use this click-through data to help us understand how recipients respond to, or interact with, our emails
Third-party analytics services. We use third-party analytics services, including Google Analytics and others, to collect information about your use of our sites and enable us to improve how our sites. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners. Google Analytics and other third-party analytics services use cookies and similar technologies to collect information about use of our sites and to report website trends to us, without identifying individuals to us. We use this information to see the overall patterns of usage on our sites, help us record any difficulties you have with our sites, and tell us whether our communication efforts are effective.
Third party social media and video sites. If you choose to share our digital content with friends through social networks, such as Facebook and Twitter, or to watch a video posted to a third-party media site (such as YouTube), you may be sent cookies from these third-party websites. We do not control the setting of these cookies, so please check the third-party websites for more information about their cookies and how to manage them.
Managing cookies and similar technologies
Cookies. You do not need to have cookies enabled to browse our sites unless you want us to remember you and your preferences when you return. If you prefer not to allow cookies, most cookies can be managed or blocked through your browser.
Click-through URLs. If you prefer not to be tracked this way, please do not click text or graphic links in emails you receive from us.
Third-party analytics service. You can opt out of data collection or use by Google and other third-party analytics services we may use on some of our sites
VI. COMPLIANCE AND CHANGES TO OUR PRIVACY POLICY
COSA reserves the right to change this policy and our Terms of Service at any time. We will notify you of significant changes to our Privacy Policy by sending a notice to the primary email address specified in your account or by placing a prominent notice on our site. Significant changes will go into effect 30 days following such notification. Non-material changes or clarifications will take effect immediately. You should periodically check the Site and this privacy page for updates. This policy meets basic GDPR requirements.
VII. CONTACT US
If you have any questions regarding this Privacy Policy or the practices of this Site, please contact us by sending an email to [email protected]. Should you wish to report a complaint or if you feel that COSA has not addressed your concern in a satisfactory manner, you may contact the Federal Trade Commission.