- What personally identifiable information ESAC collects;
- What personally identifiable information third parties collect through the website;
- How ESAC uses and shares the information;
- What choices are available to users regarding collection, use and distribution of the information;
- What measures ESAC takes to protect the information under its control; and
- How users can correct any inaccuracies in the information.
If you have questions or concerns regarding this statement, please contact ESAC at info@ESAC.org.
YOUR INFORMATION AND HOW IT IS USED
Visiting the ESAC Site:
The ESAC site collects two kinds of information: (i) information that identifies you or your company (collectively, “Personally Identifiable Information”); and (ii) information that does not identify any person or company such as browser type, operating system type, access time and page views (collectively, “Non-Personally Identifiable Information”). As a general policy, only Non-Personally Identifiable Information is automatically collected from your visit to the ESAC site.
Information Collected During the Application and Accreditation Process:
If you apply for accreditation, you will be asked to provide us with certain specific information about yourself and/or your company including (i) contact information such as your name, phone/fax number, mailing/e-mail address, and primary contact person (collectively, “Contact Information”); and (ii) information about your company’s policies, procedures, operations and staff as they pertain to the financial, ethical and operational standards required for accreditation (collectively, “Business Information”). During initial accreditation processes, we will only share your Contact Information and Business Information with the ESAC staff and service providers involved in verifying your company’s compliance with the accreditation requirements. None of these individuals will be employed by or own a financial interest in any other company in the same or similar business as your company, and all of these individuals will have executed a non-disclosure confidentiality agreement with respect to information provided to them by ESAC. Your Contact and Business Information will only be shared with Independent Directors on the ESAC Board of Directors as a part of the accreditation process. These Directors have executed a non-disclosure confidentiality agreement similar to the agreement executed by ESAC staff. If the ESAC Independent Directors approve your company for accreditation, ESAC will make a press release and update the ESAC site identifying by company name, address, phone number and website address that your company is now accredited, but no other Contact Information or Business Information will be released to the public without your express written permission. ESAC will also make available your company’s Contact Information and Business Information to any state and federal regulator to whom you have authorized access to such information on the ESAC site as part of your request to take advantage of ESAC’s alternative registration/licensing compliance program as approved by that state or federal agency. It will be your responsibility to notify ESAC of your desire to cancel any such access to this confidential information. We will maintain your Contact and Business Information in our secure and protected information databases as long as you maintain accreditation.
If you wish to take advantage of a voluntary and free subscription to the ESAC Edge, ESAC’s e-newsletter, your e-mail address will only be used to send newsletter issues to you. If you wish to opt-out of receiving the ESAC Edge, please follow the unsubscribe link in the footer of each newsletter or e-mail info@ESAC.org.
We do not resell, trade or rent any of your personally identifiable information to anyone.
Non-Personally Identifiable Information:
We may aggregate Non-Personally Identifiable Information to create statistical data, which will be used to help analyze site traffic and improve our services. We may also use such aggregated information to describe ESAC’s website services to potential partners or other third parties. At no point, however, will the aggregated information identify you, your business or your clients.
We reserve the right to disclose any Personally Identifiable Information or Non-Personally Identifiable Information if required to do so by law or if we believe that such action is necessary in order to (i) conform with the requirements of the law or to comply with legal process served on ESAC; (ii) to protect or defend the legal rights or property of ESAC, the ESAC site, or its users; or (iii) in an emergency to protect the health and safety of ESAC’s website users or the general public.
In accordance with the Children’s Online Privacy Protection Act (COPPA), we never collect or maintain information on our website from those we actually know are under the age of 13, and no part of our website is structured to attract anyone under 13.
California Information-Sharing Disclosure: California residents may request a list of all third parties with respect to which we have disclosed any information about you for direct marketing purposes and the categories of information disclosed. If you are a California resident and want such a list, please send us a written request by email to Legal@ESAC.org with “California Privacy Rights” in the subject line.
Technologies such as cookies, beacons, tags and scripts are used by ESAC and our analytics and programming service providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements within the site and gathering demographic information about our user base. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole. We do not link this data to personally identifiable information.
SOCIAL MEDIA WIDGETS
We have security measures in place to protect against the loss, misuse and alteration of the information under our control, both online and offline. The ESAC site operates secure data networks protected by industry standard firewall and password protection systems. We use a reputable third-party company for encryption of data being sent via the Internet between the browser and our servers. The servers on which we store your personally identifiable information are kept in a secure environment using industry-standard back-up and security procedures and protections.
All application, accreditation and user information is restricted in our offices. All employees have been verified as having a history of honesty and trustworthiness and have signed a non-disclosure agreement prohibiting the unauthorized disclosure, use or distribution of any client or user-related information. Furthermore, all employees are kept up to date on our security and privacy policies and practices and on the importance of securely and confidentially maintaining and working with all client information.
Access to ESAC’s office is restricted after normal business hours with building entry security cards and entry codes for office access. The building is also equipped with security cameras and a burglar alarm system and has a security guard on the premises after normal business hours and on weekends.
To protect user privacy and security, ESAC reserves the right to take reasonable steps to verify user identity prior to granting access or processing changes or corrections. Any requests for access to personal information will be answered within thirty (30) days. Although we strive to protect our users’ personally identifiable information and privacy, please be advised that we cannot guarantee that the security precautions we take will prevent third parties from illegally obtaining your information. However, our procedures provide you with authentication, confidentiality, and data integrity that meets established industry standards.
Be advised that anyone providing a testimonial will have their name, title and possibly the name of their company displayed for public viewing. If you wish to update or delete your testimonial, contact us at info@ESAC.org.
TRANSFER OF SERVICES
CONDITIONS OF USE, CONCERNS
NOTIFICATION OF CHANGES
We will retain your information for as long as needed to provide you services. If you wish to terminate your accreditation or request that we no longer use your information to provide you services, contact us at info@ESAC.org. We will retain your information in accordance with our Data Retention Policy and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
CHANGES TO INFORMATION AND QUESTIONS
Each participating user can access and update their personally identifiable information online. Each participating firm also has one or more designated account administrators who can add or delete users and access and update the information of the participating firm and that of all of its users.