Last updated: July 19, 2021
This Statement explains S&P Data Digital practices when we process your “Personal Data,” “Personal Information” which is information that relates to an identified or identifiable individual. To “process” or “processing” means any use of personal data including, transferring, collecting, recording, storing, using, analysing, combining, disclosing or deleting it.
This Policy may be updated periodically. If we plan to make any material changes to the way we handle Personal Data as described here.
Personal Information You Provide
We collect some Personal Information when you use the Site or when you communicate directly with us, including when you:
Visit our website
Through these interactions, you may provide us with the following categories of Personal Information:
Identifiers such as your first and last name, email address, postal address, phone number, user name and password, social media handle, date of birth, or other similar identifiers.
Protected characteristics such as your gender, age, race, or other protected classifications under applicable law.
Financial, medical, or health information such as medical condition information, bank or credit card numbers or other financial information.
Audio, electronic, visual, thermal, olfactory, or similar information such as photographs of you, biometric identifiers, or voice recordings from you.
Professional information such as information about your employer, salary, job history, job interests, or job title.
Education information such as your education history, degrees or certifications obtained.
Communications. When you participate in polls or surveys, register for an event or contact us, we may maintain a record of that communication including any Personal Information you provide in the communication.
You may choose not to provide Personal Information or withdraw any consent you have provided to our processing of your information at any time, although it may affect our ability to provide you with relevant information or services.
Personal Information Received from Third Parties
We also collect some Personal Information from other sources, such as our affiliates, subsidiaries, or other third parties, directly or through technology such as cookies.
Personal Information we receive from Third Parties may include the following categories of Personal Information:
Identifiers such as your first and last name, email address, postal address, phone number, user name and password, social media handle, or other similar identifiers.
Financial, medical, or health information that may include bank or credit card numbers or other financial information.
Audio, electronic, visual, thermal, olfactory, or similar information such as photographs of you or your IP address.
In order to offer you a more consistent and personalised experience in your interactions with S&P DataDigital, information collected from one source may be combined with information S&P Data Digital obtains through other sources. This may include information that allows us to identify you across multiple devices through which you access our website. We may also supplement the information we collect with information obtained from other parties, including our business partners and other third parties.
Other Data Collected Automatically by Our Website
When you visit our website, we may utilise cookies or similar technologies to automatically receive the following categories of information:
Identifiers such as your computer’s internet protocol (IP) address, your operating system and browser type, your general geographic location or other persistent identifiers.
Internet or other electronic network activity information such as the pages you visit on our website, links and advertisements you click, search terms you enter, the Uniform Resource Locator (URL) address of any referring website length of time spent on a webpage. This information is also used to operate, maintain, and manage our website. For example, we may calculate the average number of site visitors who visit a particular webpage on our website.
We use the Personal Information we collect to:
Improve Customer Service
Information you provide helps us deliver the services you have requested and to respond to your customer service requests.
We may use the information you provide to process your payments. We do not share this information with outside parties except to the extent necessary to provide the service or complete payment.
Communicate With You
If you have opted-in, we may use your Personal Information to communicate with you about S&P Data Digital services and offerings, including company news, updates, related offerings or service information.
To update your preferences or to opt-out of receiving certain communications, please see How to Access and Control Your Personal Information below.
Protect Security of Our Site and To Prevent Fraud
We may use the information you provide to protect the security and integrity of our Site, business(es) and services, and to prevent fraud and other prohibited or illegal activity.
Enforce Our Conditions of Sale
We may use the information you provide to enforce our conditions of sale, website terms and/or separate contracts (if applicable) with you.
For Other Disclosed Purposes
We may use your Personal Information for other reasons, as disclosed to you at the point of collection.
We may aggregate or de-identify any information collected about you through your interactions with S&P Data Digital or the Site, and we may use that aggregated or de-identified information for any purpose.
We may disclose Personal Information to affiliates, business partners and advertisers to perform mservices on our behalf, to complete the transaction of a service you have authorised, or to provide information you have requested.
We may disclose your Personal Information with certain parties in order to achieve our own business purposes. These receiving parties and occasions may include:
Where required by law: We may share your Personal Information with law enforcement agencies, courts, other government authorities or other third parties where we believe necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.
In the context of a transaction: We may share your Personal Information with potential transaction partners, service providers, advisors, and other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we are acquired by or merged with another company or we sell or transfer all or a portion of our assets or business.
The following categories of your Personal Information (as defined above) may be shared with these parties:
Internet or other electronic network activity information
Financial, medical, or health information
Audio, electronic, visual, thermal, olfactory, or similar information
website may also include web beacons and cookies from third party service providers. Cookies are small text files sent from a website and stored on your browser while you visit a website. Cookies track how you use a website and enable the website to remember your preferences and settings and help us
analyse how our website is performing. You may choose not to receive certain cookies by making changes to your cookie preferences through the options available in your web browser; however, please note this may affect the availability of certain features of our website. For more information, please
Do Not Track is a privacy preference that can be set in a web browser. At this time the Site does not recognise Do Not Track browser settings or signals because there is no agreed upon standard for how to interpret these signals yet. For information about Do Not Track, please visit allaboutdnt.com. We share contact information or other Personal Information with our subsidiaries or affiliate companies for business marketing purpose.
We use certain physical, administrative and electronic safeguards to protect the security, confidentiality and integrity of Personal Information. While no method of data transmission or storage is 100% secure, and we cannot guarantee that our network or systems will never be compromised, we take reasonable measures to protect your Personal Information against loss, destruction, alteration, or unauthorised access or disclosure.
If you are a resident of the European Economic Area (EEA), and your personal data is transferred outside of the EEA, we will:
Process it in a territory which the European Commission has determined provides an adequate level of protection for personal information
Implement appropriate safeguards to protect your personal information, including transferring it in accordance with applicable transfer mechanisms, including the European Commission’s Standard Contractual Clauses.
Entering into written agreements with non-EU recipients that require them to provide the same level of protection, or relying on other legally-approved transfer mechanisms.
We retain Personal Information for as long as it is necessary to provide the services you have requested and for other legal compliance or essential business purposes such enforcing our contracts, maintaining the security of our services, business(es) and website, enforcing our legal rights, or dispute resolution.
Our website is a general audience site and is not intended for use by children under 18. We do not knowingly collect Personal Information from children under the age of 18 through our Site. If you become aware that a child under 18 has provided us with Personal Information through our Site, we ask that you notify us by email at [email protected]. Should we become aware that a child under age 18 has provided Personal Information through the Site, we will take steps to immediately delete it.
You have choices about how to manage your Personal Information and what types of communications you receive from us. Please note that we may have a legal obligation to preserve certain data and that we may need to request information from you in order to confirm your identity. This is to ensure that we can locate relevant data and that your Personal Information is not disclosed to a person who does not have a right to receive it. Except where not permissible under local law, you may be required to pay a fee for the administrative cost of providing you with a copy of your data.
Marketing Communications: You may choose to opt-out of receiving certain email communications from us by using the unsubscribe link email communication you receive from us, visiting the applicable email preference centre or by contacting us directly.
EU Site Visitors and Customers:
European Privacy Rights: If you reside in the European Economic Area, you may have the right to exercise certain privacy rights available to you under applicable laws. We will process your request in accordance with applicable data protection laws. We may need to retain certain information for record-
keeping purposes or to complete transactions that you began prior to requesting any deletion.
Right not to provide consent or to withdraw consent. We may seek to rely on your consent in order to process certain personal data. Where we do so, you have the right not to provide your consent or to withdraw your consent at any time. This does not affect the lawfulness of the processing based on
consent before its withdrawal.
Right of access and/or portability. You may have the right to access the personal data that we hold about you and, in some limited circumstances, have that data provided to you so that you can provide or “port” that data to another provider.
Right of erasure. In certain circumstances, you may have the right to the erasure of personal data that we hold about you (for example if it is no longer necessary for the purposes for which it was originally collected).
Right to object to processing. You may have the right to request that S&P Data Digital stop processing your personal data and/or to stop sending you marketing communications.
Right to rectification. You may have the right to require us to correct any inaccurate or incomplete personal information.
Right to restrict processing. You may have the right to request that we restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is not accurate or lawfully held).
Right to lodge a complaint to your local Data Protection Authority. If you are an EEA resident, you have the right to complain to a data protection authority about our collection and use of your personal data.
Please note that we may have legal or other obligations to preserve certain data which could prevent us from deleting certain data.
California Site Visitors and Customers: In accordance with the requirements of the California Consumer Privacy Act, you may have certain rights in relation to your Personal Information.
Your California Privacy Rights: If you are a resident of the State of California, this Privacy Statement is supplemented by our California Privacy Rights Statement that explains your California privacy rights and how you can exercise these rights.
How to Exercise Your Rights
To exercise any of the rights above, email us at [email protected] You may also submit a request to the following address:
Attention: S&P Data Digital Privacy Office
S&P Data Digital
1500 W 3 rd . St,
Cleveland, Ohio 44113
Email: [email protected]
Please identify yourself and specify your request. If you have an existing account with S&P Data Digital, we will use your account information to verify your identity. If not, we will ask you to provide additional verification information. What we request will depend on the nature of your request, how sensitive the information is, and how harmful unauthorised disclosure or deletion would be.
We use commercially reasonable efforts to delete your personal data as required but retain records necessary to comply with a governmental authority or applicable federal, state, or local law. Where legally permitted, we may decline to process requests, including requests that are unreasonably repetitive or systematic, require disproportionate technical effort, or jeopardize the privacy of others.
Where S&P Data Digital collects personal information directly from you, it will be provided in clear and conspicuous language when individuals are first asked to provide personal information to S&P Data Digital, or as soon as practicable thereafter, and in any event before S&P Data Digital uses or discloses the information for a purpose other than that for which it was originally collected.
S&P Data Digital will offer You the opportunity to choose (opt in/opt-out) whether your Personal Information is (a) to be disclosed to a non-processor third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorised by You.
For Sensitive Personal Information, S&P Data Digital will give you the opportunity to affirmatively and explicitly consent (0pt-in) to the disclosure of the information to a non- processor third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorised by you. S&P Data Digital will provide you with reasonable mechanisms to exercise their choices. You can modify your information at any time by request, or ask that your information to be deleted. You can also request and select to have your information used in a limited way.
Data Integrity and Purpose Limitation
S&P Data Digital will use personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorised by You. S&P Data Digital will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete, and current.
Recourse, Enforcement and Liability
S&P Data Digital Compliance Office, 1500 W 3 rd St, Cleveland, OH 44113
Accountability for Onward Transfer
S&P Data Digital will obtain assurances from third parties that they will safeguard Personal Information consistently with this Policy. Examples of appropriate assurances that may be provided by third parties include: a contract obligating the third party to provide at least the same level of protection as is required by Regulation (EU) 2016/679 the General Data Protection Regulation “GDPR”, or being subject to another European Commission adequacy finding (e.g., companies located in Canada). Where S&P Data Digital has knowledge that a Processor is using or disclosing Personal Information in a manner contrary to this Policy, S&P Data Digital will take reasonable steps to prevent or stop the use or disclosure.
Attention: S&P Data Digital Compliance Office
S&P Data LLC
1500 W 3 rd St,
1920 Yonge St, Toronto ON
1500 W 3rd St, Cleveland OH