Updated 1 July 2020
Protection of Your Privacy
Controller and Processor
Our full details are:
Full name of legal entity: Frost & Sullivan
You can also contact us through our customer contact page.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk). In the UK, please read: https://ico.org.uk/for-the-public/raising-concerns/ for details of how to do this. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Information We Collect About You
When You Visit our Websites
You are free to explore the Websites without providing any Personal data about yourself. When you visit the Websites or register for services, we request that you provide Personal data about yourself, and we collect Navigational Information.
Registration at Frost & Sullivan Events
Registration at a Frost & Sullivan event is subject to review and approval of your application by Frost & Sullivan. Frost & Sullivan reserves the right to decline attendance at events for which your company would be deemed a vendor to the market, as participation at Frost & Sullivan events is restricted to end user practitioners. By registering for a Frost & Sullivan event you acknowledge that film, video and photographs are being taken at this event. By your registration and presence at a Frost & Sullivan event, you give unqualified consent to Frost & Sullivan, its agents and licensees to record, use and publicize your voice, actions, likeness and appearance in any manner and media, worldwide in perpetuity. If you wish to avoid being recorded, please do not register or enter the event.
If You Fail to Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, where you do not provide your personal data in relation to a consulting engagement). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
This refers to any information that you voluntarily submit to us, that identifies you personally, including contact information, such as your name, e-mail address, company name, address, phone number, and other information about yourself or your business. Personal data can also include information about any transactions, both free and paid, that you enter into on the Websites, and information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that we acquire from service providers.
This refers to information about your computer and your visits to this website such as your IP address, geographical location, browser type, referral source, length of visit and pages viewed. Please see the “Navigation Information” section below.
We collect and process payment information from you when you subscribe to events and/or the Subscription Service, including credit card numbers and billing information, using third-party PCI-compliant service providers. Except for this, we do not collect Sensitive Information from you.
Information About Children
The Websites are not intended for or targeted at children under 18, and we do not knowingly or intentionally collect information about children under 18. If you believe that we have collected information about a child under 18, please contact us, so that we may delete the information.
How We Use Information We Collect
We Never Sell Personal data
We will never sell your Personal data to any third party.
Use of Personal data
Use of Navigational Information
We use Navigational Information to operate and improve the Websites. We may also use Navigational Information alone or in combination with Personal data to provide you with personalized information about Frost & Sullivan.
Customer Testimonials and Comments
We post customer testimonials and comments on our Websites, which may contain Personal data. We obtain each customer’s consent via email and product evaluations before posting the customer’s name and testimonial.
Use of Credit Card Information
If you give us credit card information, we use it solely to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of credit card processing on our behalf.
We employ other companies and people to provide services to visitors to our Websites, our customers, and users of our services, and we may need to share your information with them to provide information, products or services to you. Examples may include analyzing data, providing marketing assistance, processing credit card payments, supplementing the information you provide us in order to provide you with better service, and providing customer service. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and customer data handling policies.
International Transfer of Information Collected
Your Personal Data may be collected, transferred to and stored by us in the United States and by our affiliates in other countries where we operate.
Under certain limited conditions, individuals have the right to invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission. Please click the following link for more information – https://www.privacyshield.gov/article?id=ANNEX-I-introduction
Your Personal Data may be processed outside the EEA, and in countries which are not subject to an adequacy decision by the European Commission and which may not provide for the same level of data protection in the EEA. In this event, we will ensure that such recipient offers an adequate level of protection, for instance by entering into standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR), or we will ask you for your prior consent to such international data transfers.
In compliance with the Privacy Shield Principles, Frost & Sullivan commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Frost & Sullivan at: firstname.lastname@example.org
Frost & Sullivan has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU.
Transfers to Third Parties:
We have the responsibility for the processing of personal information we receive under the Privacy Shield and subsequently transfer to a third party acting as an agent on our behalf.
We shall remain liable under the Principles if our agent processes such personal information in a manner inconsistent with the Principles, unless the organization proves that it is not responsible for the event giving rise to the damage.
Frost & Sullivan regularly reviews how we’re meeting these privacy promises, and we provide an independent way to resolve complaints about our privacy practices. Frost & Sullivan is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Social Media Features
We offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be collected and used by others. We will correct or delete any information you have posted on the Websites if you so request, as described in “Opting Out and Unsubscribing” below.
How We Are Preparing For GDPR
Frost & Sullivan already has a consistent level of data protection and security across our organisation.
– carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed, where it is stored, and if and to whom it is disclosed.
Policies & Procedures
– implementing new data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
– our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
Data Retention & Erasure
– we are in the process of updating our retention policy and schedule to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We are actively working towards putting dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
– our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach within 72 hours of becoming aware of the breach. Our procedures are robust and have been disseminated to all employees, making them aware of the reporting lines and steps to follow.
International Data Transfers & Third-Party Disclosures
– where Frost & Sullivan stores or transfers personal information outside the EU, we are actively working towards having procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. Our procedures will include a continual review of the countries with sufficient adequacy decisions, as well as provisions for Binding Corporate Rules; standard data protection clauses or approved codes of conduct for those countries without. We will be carrying out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
Data Subject Access Request (DSAR)
– we are actively revising our DSAR procedures to accommodate the revised 30-day timeframe for providing the requested information. Our new procedures will detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
Legal Basis for Processing
– we are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
– we have revised our Privacy Notice(s) to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
– we have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
– we have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
Data Protection Impact Assessments (DPIA)
– where we process personal information that is considered high risk, involves large scale processing or includes special category/criminal conviction data; we have developed stringent procedures and assessment templates for carrying out impact assessments that comply fully with the GDPR’s Article 35 requirements. We have implemented documentation processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).
– where we use any third-party to process personal information on our behalf, we are in the process of drafting compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organisational measures in place and compliance with the GDPR.
Special Categories Data
– where we obtain and process any special category information, we do so in complete compliance with the Article 9 requirements and have high-level encryptions and protections on all such data. Special category data is only processed where necessary and is only processed where we have first identified the appropriate Article 9(2) basis or the Data Protection Bill Schedule 1 condition. Where we rely on consent for processing, this is explicit and is verified by a signature, with the right to modify or remove consent being clearly signposted.
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Frost & Sullivan on the Websites. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal data, and choices you may have regarding your Personal data.
We reserve the right to use or disclose your Personal data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you. We only use the data you provide to us directly for this purpose along with the Aggregated Data provided to us by our analytics partners and we do not track what other websites you may visit after visiting our site, though in common with most websites, we may register the site which referred you to our site (e.g. a search engine).
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
We generally only send electronic marketing – such as email marketing – to people who have previously bought similar products from us and this is in our legitimate interests. We will always offer a way out of receiving this marketing when you first purchase our products and in every marketing communication afterwards. We may on occasion send out postal marketing for the purpose of growing our sales which is in our legitimate interests and in this scenario we will rely on you to let us know if you do not want to receive this by opting out of marketing (see Opting out below).
Where you have not previously bought from us but have registered your details with us (for example by signing up for a newsletter), we will only send you marketing communications if you opted into receiving marketing at the time and so have given us your express consent (which you may withdraw at any time – see Opting out below).
We use “cookies” to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web server. Cookies are not used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a Web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The use of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize pages on our Websites, or register for services, a cookie helps us to recall your specific information on subsequent visits. When you return to the same Website, the information you previously provided can be retrieved, so you can efficiently use the customized features.
You can accept or decline cookies. Most Web browsers automatically allow cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to reject cookies, you may not be able to fully experience the interactive features of Frost & Sullivan Services or Websites you visit. To learn how to adjust your browser cookie settings, please read the “How do I change my cookie settings?” section.
We may collect demographic information, such as your ZIP code, age, gender, preferences, interests, and favorites using log files that are not associated with your name or other personal data. There is also information about your computer hardware and software that is automatically collected by us. This information can include your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. This information is used by Frost & Sullivan for the operation of our services, to maintain quality, and to provide general statistics regarding use of Frost & Sullivan Website(s). For these purposes, we do link this automatically-collected data to Personal data such as name, email address, address, and phone number.
Opting Out and Unsubscribing
Your Legal Rights – Reviewing, Correcting and Removing Your Personal Data
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to receive your personal data in a structured, commonly used machine-language and the right to transmit those data to another controller
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What We May Need From You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
How Long Will You Store My Personal Data For?
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, details of your orders will be kept for as long as we need to retain that data to comply with our legal and regulatory requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
To exercise any of these rights, contact us marking your query for the attention of the DPO.
California Consumer Protection Act (CCPA)
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
- Category A – Identifiers
Examples: Name, postal address, Internet Protocol address, email address, Social Security number, or other similar identifiers.
- Category B – Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
Examples: Name, signature, address, telephone number, fax number.
- Category F – Internet or other similar network activity
Examples: Access history and information on your interaction with our website(s).
- Category I – Professional or employment-related information
Examples: Occupation, employer information.
We obtain the categories of personal information listed above from the following categories of sources:
- Directly from our clients or their agents. For example, from information our clients provide to us related to the Services for which they engage us.
- Directly from you. For example, through information we ask from you when our clients subscribe and engage our Services.
- Directly and indirectly from you when using our Services or visiting our website. For example, usage details collected automatically in the course of your interaction with our platform or website.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To provide you with email alerts and other notices concerning our Services, or updates to your insurance application process.
- To improve our Services to you.
- For testing, research, analysis and product development.
- As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may share your personal data with our event sponsors for the purpose of meeting with those sponsors at an event. Additionally, in the course of performing research or a survey, we may share summary data and statistics to convey the results of the study or survey.
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- The categories of personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
Deletion Request Rights
You have the right to request that we delete any of your personal information we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by clicking this link: contact us.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to the registered email associated with the account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you use of our Services.
- Provide you a different level or quality of Services.
Changes to Our Privacy Notice
We reserve the right to amend this Privacy Notice at our discretion and at any time. The date this Privacy Notice was last updated is identified at the bottom of this page. You are responsible for periodically visiting our website and this Privacy Notice to check for any changes.
Frost & Sullivan takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process.
Security of your Personal data
We use a variety of security technologies and procedures to help protect your Personal data from unauthorized access, use or disclosure. We secure the Personal data you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When sensitive Personal data (such as a credit card number and/or geo-location data) is collected on our Websites and/or transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.
We have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including:
- Cyber Essentials accreditation.
- Latest generation firewalls with latest patches at each location.
- Secure VPNs between regional & global locations.
- MPLS network connecting the major European offices.
- Strict access management controls to all areas on the file servers.
- Market leading threat detection with the latest patches on all servers & workstations.
- Workstation & removable media encryption.
- Market leading appliance web security & control protection.
- Mobile device management on all company owned hand-held devices.
- Regular vulnerability and penetration testing.
- Clustered mail servers on separate sites for DR purposes.
- Full network fail-over resilience.
- IT infrastructure located in air-conditioned rooms behind security locked doors.
- GFS backup rotation system with media stored either in fire proof safes or off-site.
- Secure data destruction once IT equipment reaches end of life.
Our Acceptable Use Policy applies to us and our customers and, among other things, prohibits us from sending unsolicited commercial email in violation of applicable laws, and requires the inclusion in every email sent using the Subscription Service of an “opt-out” mechanism and other required information. We require all of our customers to agree to adhere to the Acceptable Use Policy at all times, and any violations of the Acceptable Use Policy by a customer can result in immediate suspension or termination of the Subscription Service.
To Unsubscribe From Our Communications
You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our e-mails. Customers cannot opt out of receiving transactional emails related to their account with us.
We are committed to protecting your right to privacy as a user of Frost.com
If you log into Frost.com, we collect personal data in order to register you as a user, including your name, e-mail address, phone number, and address. Your personal data will be kept confidential and will be used for our research, marketing, and strategic client analysis objectives, although this information will be used for our internal business purposes only. Frost & Sullivan’s Brand and Demand Solutions Practice does host and market additional sites to promote white papers, webinars and more for paying partners, which will require a unique registration. For these gated sites, contact information is shared with the paying sponsor.
We will not trade, sell, or in any way divulge your contact information to anyone outside of Frost & Sullivan. We shall send you information about our various products and services or other products and services that we feel may be of interest to you. If you do not wish to receive any unsolicited mail from us, unsubscribe instructions are contained in each of the emails.
For more information about Frost & Sullivan and our regulations or services, feel free to contact us.
How do I change my cookie settings?
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.
Find out how to manage cookies on popular browsers:
To find information relating to other browsers, visit the browser developer’s website.
To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.