Updated 18 July 2019
Protection of Your Privacy
Controller and Processor
Our full details are:
Full name of legal entity: Frost & Sullivan
You can also contact us through our customer contact page.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk). In the UK, please read: https://ico.org.uk/for-the-public/raising-concerns/ for details of how to do this. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Information We Collect About You
When You Visit our Websites
You are free to explore the Websites without providing any Personal data about yourself. When you visit the Websites or register for services, we request that you provide Personal data about yourself, and we collect Navigational Information.
Registration at Frost & Sullivan Events
Registration at a Frost & Sullivan event is subject to review and approval of your application by Frost & Sullivan. Frost & Sullivan reserves the right to decline attendance to events which your company would be deemed a vendor to the market, as participation at Frost & Sullivan events is restricted to end user practitioners. By registering for a Frost & Sullivan event you acknowledge film, video and photographs are being taken at this event. By your registration and presence at a Frost & Sullivan event, you give unqualified consent to Frost & Sullivan, its agents, licenses to record, use and publicize your voice, actions likeness and appearance in any manner and media, worldwide in perpetuity. If you wish to avoid being recorded, please do not register or enter the event.
If You Fail to Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. (for example, where you do not provide your personal data in relation to a consulting engagement). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
This refers to any information that you voluntarily submit to us, that identifies you personally, including contact information, such as your name, e-mail address, company name, address, phone number, and other information about yourself or your business. Personal data can also include information about any transactions, both free and paid, that you enter into on the Websites, and information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that we acquire from service providers.
This refers to information about your computer and your visits to this website such as your IP address, geographical location, browser type, referral source, length of visit and pages viewed. Please see the “Navigation Information” section below.
We collect and process payment information from you when you subscribe to events and/or the Subscription Service, including credit cards numbers and billing information, using third-party PCI-compliant service providers. Except for this, we do not collect Sensitive Information from you.
Information About Children
The Websites are not intended for or targeted at children under 18, and we do not knowingly or intentionally collect information about children under 18. If you believe that we have collected information about a child under 18, please contact us, so that we may delete the information.
How We Use Information We Collect
We Never Sell Personal data
We will never sell your Personal data to any third party.
Use of Personal data
Use of Navigational Information
We use Navigational Information to operate and improve the Websites. We may also use Navigational Information alone or in combination with Personal data to provide you with personalized information about Frost & Sullivan.
Customer Testimonials and Comments
We post customer testimonials and comments on our Websites, which may contain Personal data. We obtain each customer’s consent via email and product evaluations before posting the customer’s name and testimonial.
Use of Credit Card Information
If you give us credit card information, we use it solely to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of credit card processing on our behalf.
We employ other companies and people to provide services to visitors to our Websites, our customers, and users of our services, we may need to share your information with them to provide information, products or services to you. Examples may include analyzing data, providing marketing assistance, processing credit card payments, supplementing the information you provide us in order to provide you with better service, and providing customer service. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and customer data handling policies.
International Transfer of Information Collected
Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates in other countries where we operate.
Under certain limited conditions, individuals have the right to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission. Please click the following link for more information – https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Your Personal Data may be processed outside the EEA, and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection in the EEA. In this event, we will ensure that such recipient offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.
In compliance with the Privacy Shield Principles, Frost & Sullivan commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Frost & Sullivan at: firstname.lastname@example.org
Frost & Sullivan has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
Transfers to Third Parties:
We have the responsibility for the processing of personal information we receive under the Privacy Shield and subsequently transfer to a third party acting as an agent on our behalf.
We shall remain liable under the Principles if our agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Frost & Sullivan regularly reviews how we’re meeting these privacy promises, and we provide an independent way to resolve complaints about our privacy practices. Frost & Sullivan is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Social Media Features
We offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be collected and used by others. We will correct or delete any information you have posted on the Websites if you so request, as described in “Opting Out and Unsubscribing” below.
How We Are Preparing For GDPR
Frost & Sullivan already has a consistent level of data protection and security across our organisation.
– carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed, where it is stored, and if and to whom it is disclosed.
Policies & Procedures –
implementing new data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
– our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
Data Retention & Erasure
– we are in the process of updating our retention policy and schedule to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We are actively working towards putting dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
– our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach within 72 hours of becoming aware of the breach. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
International Data Transfers & Third-Party Disclosures
– where Frost & Sullivan stores or transfers personal information outside the EU, we are actively working towards having procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. Our procedures will include a continual review of the countries with sufficient adequacy decisions, as well as provisions for Binding Corporate Rules; standard data protection clauses or approved codes of conduct for those countries without. We will be carrying out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
Data Subject Access Request (DSAR)
– we are actively revising our DSAR procedures to accommodate the revised 30-day timeframe for providing the requested information. Our new procedures will detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
Legal Basis for Processing
– we are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
– we have revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
– we have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
– we have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
Data Protection Impact Assessments (DPIA)
– where we process personal information that is considered high risk, involves large scale processing or includes special category/criminal conviction data; we have developed stringent procedures and assessment templates for carrying out impact assessments that comply fully with the GDPR’s Article 35 requirements. We have implemented documentation processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).
– where we use any third-party to process personal information on our behalf, we are in the process of drafting compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organisational measures in place and compliance with the GDPR.
Special Categories Data –
where we obtain and process any special category information, we do so in complete compliance with the Article 9 requirements and have high-level encryptions and protections on all such data. Special category data is only processed where necessary and is only processed where we have first identified the appropriate Article 9(2) basis or the Data Protection Bill Schedule 1 condition. Where we rely on consent for processing, this is explicit and is verified by a signature, with the right to modify or remove consent being clearly signposted.
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Frost & Sullivan on the Websites. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal data, and choices you may have regarding your Personal data.
We reserve the right to use or disclose your Personal data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. We only use the data you provide to us directly for this purpose along with the Aggregated Data provided to us by our analytics partners and we do not track what other websites you may visit after visiting our site, though in common with most websites, we may register the site which referred you to our site (e.g. a search engine).
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
We generally only send electronic marketing – such as email marketing – to people who have previously bought similar products from us and this is in our legitimate interests. We will always offer a way out of receiving this marketing when you first purchase our products and in every marketing communication afterwards. We may on occasion send out postal marketing for the purpose of growing our sales which is in our legitimate interests and in this scenario we will rely on you to let us know if you do not want to receive this by opting out of marketing (see Opting out below).
Where you have not previously bought from us but have registered your details with us (for example by signing up for a newsletter), we will only send you marketing communications if you opted into receiving marketing at the time and so given us your express consent (which you may withdraw at any time – see Opting out below).
We use “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web server. Cookies are not used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a Web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The use of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize pages on our Websites, or register for services, a cookie helps us to recall your specific information on subsequent visits. When you return to the same Website, the information you previously provided can be retrieved, so you can efficiently use the customized features.
You can accept or decline cookies. Most Web browsers automatically allow cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to reject cookies, you may not be able to fully experience the interactive features of Frost & Sullivan Services or Websites you visit. To learn how to adjust your browser cookie settings, please read the
How do I change my cookie settings?
We may collect demographic information, such as your ZIP code, age, gender, preferences, interests, and favorites using log files that are not associated with your name or other personal data. There is also information about your computer hardware and software that is automatically collected by us. This information can include your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. This information is used by Frost & Sullivan for the operation of our services, to maintain quality, and to provide general statistics regarding use of Frost & Sullivan Website(s). For these purposes, we do link this automatically-collected data to Personal data such as name, email address, address, and phone number.
Opting Out and Unsubscribing
Your Legal Rights – Reviewing, Correcting and Removing Your Personal Data
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to receive your personal data in a structured, commonly used machine-language and the right to transmit those data to another controller
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What We May Need From You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
How Long Will You Store My Personal Data For?
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, details of your orders will be kept for as long as we need to retain that data to comply with our legal and regulatory requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
To exercise any of these rights, contact us marking your query for the attention of the DPO.
Frost & Sullivan takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process.
Security of your Personal data
We use a variety of security technologies and procedures to help protect your Personal data from unauthorized access, use or disclosure. We secure the Personal data you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When sensitive Personal data (such as a credit card number and/or geo-location data) is collected on our Websites and/or transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:
- Cyber Essential accreditation.
- Latest generation firewalls with latest patches at each location.
- Secure VPNs between regional & global locations.
- MPLS network connecting the major European offices.
- Strict access management controls to all areas on the file servers.
- Market leading threat detection with the latest patches on all servers & workstations.
- Workstation & removable media encryption.
- Market leading appliance web security & control protection.
- Mobile device management on all company owned hand-held devices.
- Regular vulnerability and penetration testing.
- Clustered mail servers on separate sites for DR purposes.
- Full network fail-over resilience.
- IT infrastructure located in air-conditioned rooms behind security locked doors.
- GFS backup rotation system with media stored either in fire proof safes or off-site.
- Secure data destruction once IT equipment reaches end of life.
Our Acceptable Use Policy, applies to us and our customers and, among other things, prohibits us from sending unsolicited commercial email in violation of applicable laws, and requires the inclusion in every email sent using the Subscription Service of an “opt-out” mechanism and other required information. We require all of our customers to agree to adhere to the Acceptable Use Policy at all times, and any violations of the Acceptable Use Policy by a customer can result in immediate suspension or termination of the Subscription Service.
To Unsubscribe From Our Communications
You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our e-mails. Customers cannot opt out of receiving transactional emails related to their account with us.
We are committed to protecting your right to privacy as a user of Frost.com
If you log into Frost.com, we collect personal data in order to register you as a user, including your name, e-mail address, phone number, and address. Your personal data will be kept confidential and will be used for our research, marketing, and strategic client analysis objectives, although, this information will be used for our internal business purposes only. Frost & Sullivan’s Brand and Demand Solutions Practice does host and market additional sites to promote white papers, webinars and more for paying partners which will require a unique registration. For these gated sites, contact information is shared with the paying sponsor.
We will not trade, sell, or in any way divulge your contact information to anyone outside of Frost & Sullivan. We shall send you information about our various products and services or other products and services that we feel may be of interest to you. If you do not wish to receive any unsolicited mail from us, unsubscribe instructions are contained in each of the emails.
For more information about Frost & Sullivan and our regulations or services, feel free to contact us.
How do I change my cookie settings?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer’s website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.