SB Brand-Led Culture Change 2024 - Full Program Announced!

Privacy Policy

Last updated: February 7, 2023


Sustainable Brands ("us", "we", or "our") operates the Sustainable Brands’ website at sustainablebrands.com and various websites and digital services operating from subdomains thereof, the Brands For Good website at sbbrandsforgood.com, the SB Brand Transformation Roadmap Self-Assessment Tool at sbroadmap.com and various subdomains thereof (“BTR Services”), and other software and services that Sustainable Brands makes available for purchase (collectively the "Service").

This Privacy Policy explains our policies and practices regarding the collection, use and disclosure of certain information, including Your personal data, when You use the Service and the choices You have associated with that data. Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible at https://pages.sustainablebrands.com/terms-of-service.

By using the Service, You agree to the collection and use of information in accordance with this policy. 

Definitions

Personal Data means data about a living individual who can be identified from those data, or from those in combination with other information either in our possession or likely to come into our possession.

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

BTR Data means all electronic data or information submitted by You to BTR Services, including Your responses to statements in the SB Brand Transformation Roadmap Self-Assessment Tool.

Data means all information submitted by You to the Service or collected automatically about You, including but not limited to Personal Data, Usage Data, and BTR Data.

Cookies are files stored on Your computer or mobile device (“Device”) that contain a small amount of data and may include an anonymous unique identifier. Cookies are sent to Your browser from a website and stored on Your Device.

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Privacy Policy, we are a Data Controller of Your Personal Data.

Data Processors (or Service Providers) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process Your data more effectively.

Data Subject (or User) is any living individual who is using the Service and is the subject of Personal Data.

Information Collection

We collect several different types of information for various purposes to provide and improve the Service to You. Types of Data collected:

Personal Data

While using the Service, we may ask You to provide us with certain Personal Data included but not limited to:

In certain cases, we are contractually obligated to share Your data with a third-party sponsor or advertiser (e.g. webinars, sponsored content, etc.). In these cases we will make it clear Your data is being shared. You will have the option not to have that data shared by not taking part in that particular program.

Usage Data

We may also collect Usage Data related to how the Service is accessed and used. This Usage Data may include information such as Your computer's Internet Protocol address (“IP address”), browser type, browser version, the pages of the Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Location Data

We may use and store information about Your location if You give us permission to do so ("Location Data"). We use this data to provide features of the Service, to improve and customise the Service.

You can enable or disable location services when You use the Service at any time by way of Your device settings.

Cookies and Tracking

We use cookies and similar tracking technologies such as pixels, tags and scripts to track information and activity on the Service and to analyze the Service.

Examples of Cookies we use:

You can instruct Your browser to refuse all cookies or to indicate when a cookie is being sent. However, if You do not accept cookies, You may not be able to use some portions of the Service.

For details about our use of tracking pixels and scripts in conjunction with third party services, please refer to the section of this Privacy Policy entitled “Service Providers.”

Use of Data

Sustainable Brands uses the collected data for various purposes:

In the event that You create an Account on the Service, You agree that we may use Your Personal Data to contact You with newsletters, special offers or promotional materials and other information that we may send. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send.

Opting-Out

Please note that you can decline to have Your Personal Data collected via third party tracking technologies by navigating to the settings feature in Your browser and declining all third party cookies or declining third party cookies from specific sites, or, for mobile, limiting ad tracking or resetting the advertiser identifier via the privacy settings on Your mobile device. Our partners, such as NextRoll and Google, may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. For this reason you can use the following third-party opt-out tools to decline the collection and use of Your Personal Data for the purpose of serving you interest-based advertising:

We reserve the right to use BTR Data, in whole to provide the BTR Services, and in anonymized, aggregated form to generate benchmarks to provide the BTR Services and related products and marketing.

Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)

If You are from the European Economic Area (EEA), Sustainable Brands legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

Sustainable Brands may process Your Personal Data because:

Retention of Data

Sustainable Brands will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain Your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

Sustainable Brands will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Service, or we are legally obligated to retain this data for longer periods.

Transfer of Data

Your information, including Personal Data, may be transferred to - and maintained on - computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of Your jurisdiction.

If You are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

Sustainable Brands will take all the steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Disclosure of Data

Disclosure for Law Enforcement

Under certain circumstances, Sustainable Brands may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Legal Requirements

Sustainable Brands may disclose Your Personal Data in the good faith belief that such action is necessary to:

Security of Data

The security of Your data is important to us but no method of transmission over the Internet or electronic storage is 100% secure. We strive to maintain commercially reasonable administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Your Data, though we cannot guarantee its absolute security.

Regarding BTR Data, we shall not (a) modify BTR Data except to the extent required to provide the BTR Services, (b) disclose BTR Data except as compelled by law or as expressly permitted in writing by You or the administrator of the BTR Services, or (c) access BTR Data other than in a fully anonymized, aggregated form, except to provide the BTR Services and prevent or address service or technical problems, or in connection with customer support matters. 

Our Policy on "Do Not Track" Signals under the California Online Protection Act (CalOPPA)

We do not support Do Not Track ("DNT"). Do Not Track is a preference You can set in Your web browser to inform websites that You do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of Your web browser.

Your Data Protection Rights under the General Data Protection Regulation (GDPR)

If You are a resident of the European Economic Area (EEA), You have certain data protection rights. Sustainable Brands aims to take reasonable steps to allow You to correct, amend, delete or limit the use of Your Personal Data.

If You wish to be informed about what Personal Data we hold about You and if You want it to be removed from our systems, please contact us.

In certain circumstances, You have the following data protection rights:

The right to access, update or delete the information we have on You. Whenever made possible, You can access, update or request deletion of Your Personal Data directly within Your account settings section. If You are unable to perform these actions Yourself, please contact us to assist You.

The right of rectification. You have the right to have Your information rectified if that information is inaccurate or incomplete.

The right to object. You have the right to object to our processing of Your Personal Data.

The right of restriction. You have the right to request that we restrict the processing of Your personal information.

The right to data portability. You have the right to be provided with a copy of the information we have on You in a structured, machine-readable and commonly used format.

The right to withdraw consent. You also have the right to withdraw Your consent at any time where Sustainable Brands relied on Your consent to process Your personal information.

Please note that we may ask You to verify Your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of Your Personal Data. For more information, please contact Your local data protection authority in the European Economic Area (EEA).

Service Providers

We may employ third party companies and individuals to facilitate the Service ("Service Providers"), provide the Service on our behalf, perform Service-related services or assist us in analysing how the Service is reached and/or used.

These third parties have access to Your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party Service Providers to monitor and analyse the use of the Service.

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of the Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made Your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

Advertising and Conversion Tracking

We may use third-party Service Providers to show advertisements to You to help support and maintain the Service, and/or to track Your behavior after You have been redirected to one of our websites by clicking on an advertisement on a third-party social networking service.

AdRoll Pixel and Cookies

We use AdRoll’s pixel and cookies to gather information about You for use in targeting advertising on the AdRoll platform (a product from NextRoll). California visitors to the Service may review NextRoll’s Service Privacy Notice for California Residents

Facebook Conversion Tracking

We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on some websites associated with the Service. This allows Your behavior to be tracked after You have been redirected to one of our websites by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing You, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter of GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.

Google Ad Manager and AdSense DoubleClick Cookies

Google, as a third party vendor, uses cookies to serve ads on the Service. 

Google Ad Manager is an ad serving platform that helps streamline ad management, and provides metrics on impressions, clicks, and ad revenue. Google AdSense is a service that displays ads next to online content. 

Google uses Google Ad Manager and AdSense/DoubleClick cookies to enable it and its partners to serve ads to You based on Your visit to the Service or other websites on the Internet.

Google Ad Manager’s privacy policy may be viewed at: https://policies.google.com/technologies/ads?hl=en-US

You may opt out of the use of the DoubleClick Cookie for interest-based advertising by visiting the Google Ads Settings web page: http://www.google.com/ads/preferences

LinkedIn Conversion Tracking

We use the Conversion Tracking and Website Analytics features of LinkedIn (1000 W Maude Ave, Sunnyvale, CA 94085, “LinkedIn”) on some websites associated with the Service. LinkedIn stores a cookie on Your computer and uses tags, pixels, and APIs to send data to LinkedIn to enable an analysis of Your use of the Service. LinkedIn Conversion Tracking tracks the actions of users after they have viewed or interacted with ads on LinkedIn, and allows us to assign conversions such as link clicks, shares, or “like” data. The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f of GDPR. If you wish to object to tracking, you can do so using the Digital Advertising Alliance tool at www.aboutads.info/choices.

Twitter Conversion Tracking

We use the Conversion Tracking Service of Twitter Inc. (1355 Market Street #900, San Francisco, California 94103, “Twitter”) on some websites associated with the Service. Twitter stores a cookie on the user’s computer to enable an analysis of the use of our online products and services. Twitter Conversion Tracking tracks the actions of users after they have viewed ads or interacted with ads on Twitter. Twitter’s Conversion Tracking allows you to assign conversions such as link clicks, retweets or “like” data. The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f of GDPR. If you wish to object to tracking, you can do so using the Digital Advertising Alliance tool at www.aboutads.info/choices.


Payments

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect Your payment card details. That information is provided directly to our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

Stova

Their privacy policy can be viewed at https://www.aventri.com/privacy-policy

Stripe

Their privacy policy can be viewed at https://stripe.com/privacy

Hosting and Authenticating Users of the Service

1&1 IONOS


We host portions of the Service on Ionos. Some of Your Data may be colocated on their servers, including log files that contain information about Your activities while using the Service. Ionos’ privacy policy can be viewed at: https://www.ionos.com/terms-gtc/terms-privacy/


Microsoft Azure


We host the BTR Services on Microsoft Azure. Legal information about Microsoft Azure can be viewed at: https://azure.microsoft.com/en-us/support/legal/


Amazon Cognito Federated Identities


Amazon Cognito Federated Identities (“Cognito”) is a web service that delivers temporary credentials to web browsers, mobile devices, and other environments. Cognito uses Your email address to uniquely identify and authenticate Your devices when You access the Service. 


For more information on Amazon’s AWS data privacy practices, see their FAQ at: https://aws.amazon.com/compliance/data-privacy-faq/


For further information on Data Protection in Amazon Cognito, see: https://docs.aws.amazon.com/cognito/latest/developerguide/data-protection.html

Customer Data Management and Marketing

Salesforce


We use the Salesforce Platform (“Salesforce”) to manage customer data for the purposes of fulfilling product and service purchases and informing our sales and marketing efforts. When you purchase products or services from us, portions of Your Personal Data may be stored in Salesforce including Your name, email address, company, phone number, and/or other information that You have provided to us.


We also use Salesforce Experience Cloud to enable our Member Hub private messaging and discussion forums for our Members and other purposes. Any posts, notes, chat entries, Personal Data, and/or other content that You submit to Member Hub are stored on Salesforce’s servers.


Any such data is subject to Salesforce’s privacy policy. Their current Privacy Statement can be viewed at: https://www.salesforce.com/company/privacy/full_privacy/


Pardot


Pardot is a marketing automation tool provided by Salesforce. Pardot uses cookies to track visitor and prospect activities on our website. These cookies are set to remember preferences when individuals return to our site, such as form field values. For more information, visit: Pardot Privacy Policy and Pardot Cookies and Activity Tracking.


Zapier


We use Zapier to automate transporting customer data between Salesforce and Stova, and as such Your Data may pass through their servers. Their privacy policy may be viewed at: https://zapier.com/privacy


Virtual Events and Video Conferencing

Anymeeting


We use Intermedia’s Anymeeting service to host and operate certain online webinars. Their privacy policy can be viewed at: https://www.intermedia.com/assets/pdf/legal/privacypolicy.pdf

Stova


We use Stova to host and operate many of our virtual events. Their privacy policy can be viewed at: https://www.aventri.com/privacy-policy


Zoom


We use Zoom to host many of our online meetings for our membership groups, and for other purposes. Their privacy policy can be viewed at: https://zoom.us/privacy


Links to Other Sites

The Service may contain links to third party websites or services that are not owned or controlled by us. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services. We do not warrant the offerings of any of these entities/individuals or their websites. You acknowledge and agree that Sustainable Brands shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such third party websites or services. 

If You click a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of any third party websites or services that You visit.

Children's Privacy

The Service does not address anyone under the age of 18 ("Children").

We do not knowingly collect personally identifiable information from anyone under the age of 18. If You are a parent or guardian and You are aware that Your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on the Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If You have any questions about this Privacy Policy, please contact us:

By email: [email protected]

By visiting this page on our website: https://sustainablebrands.com/corporate