G&A Institute deeply values your privacy and the protection of your personal data. This privacy policy details the information we collect, the methods we use to obtain it, the purposes for which we use it, the process by which we obtain your consent, the period for which we retain it in our databases and, if necessary, with whom we share it.

In this privacy policy, the words "website(s)", refer to all the G&A Institute websites listed below,  "we",  "us",  "our",  and "G&A Institute", refers to Governance & Accountability Institute, Inc., and "customer", and "user", refers to you, the user or customer of G&A Institute.

By using websites and services, you accept the practices described in this privacy policy. Your use of websites and services is also subject to our terms and conditions. This privacy policy may change from time to time. Your continued use of websites and services after we make changes to this privacy policy is deemed to be acceptance of those changes, so please check this policy periodically for updates.

This privacy policy has been developed and is maintained in accordance with all applicable national and international privacy and data protection laws and regulations and specifically, the California Consumer Privacy Act (CCPA), the New York SHIELD Act and the General Data Protection Regulation (GDPR - European regulations).

1. General Information

The personal data of users that are collected and processed through:

• www.ga-institute.com
• www.sustainabilityHQ.com
• www.ga-institute.com/Sustainability-Update

Will be under the responsibility and in charge of:

• Governance & Accountability Institute, Inc.
• Email: info@ga-institute.com

2. How We Obtain Your Consent

By using G&A Institute websites, you give your explicit consent to the processing of your personal data in accordance with this Privacy Policy. This consent is understood to be freely given, specific, informed, and unambiguous when you do any of the following:
 

• Visits and browse our websites, which may involve the automatic collection of
• certain technical and usage data through cookies, log files, or other similar technologies;
• Completes any of the forms available on our websites to request information about our services, research, publications, or other initiatives related to corporate sustainability, ESG metrics, reporting, or regulatory compliance;
• Downloads resources available on our websites, such as technical documents, reports, case studies, or practical guides;
• Subscribes to our newsletters or any other communication channel provided by G&A Institute;
• Communicates with us through the contact forms provided on our websites or through the contact details provided;
• Participate in surveys, webinars, training sessions, virtual events, or any other interactive features available through the site;
• Provide personal data in the context of activities related to our educational, consulting, research, or outreach work;
• Expressly accept the use of cookies through the corresponding consent banner or configure your privacy preferences on the site.
   

The legal basis for the processing of personal data collected through the above activities is based, in the context of the European Union's General Data Protection Regulation (Regulation EU 2016/679 – GDPR), on the consent of the data subject in accordance with Articles 4(11) and 6(1)(a) of the Regulation. With regard to users located in the United States, processing is carried out in accordance with the principles of informed consent and transparency recognized in applicable state laws, including, but not limited to, the California Consumer Privacy Act (CCPA) and applicable New York state law.

In particular, G&A Institute is committed to complying with the provisions of New York privacy law applicable to companies that collect personal data online, including the principles of clear disclosure, data minimization, information security, and consumer rights. To the extent applicable, we comply with the New York SHIELD Act (Stop Hacks and Improve Electronic Data Security Act), which requires the implementation of administrative, technical, and physical security measures to protect the personal data of New York State residents and requires notification in the event of a data breach.

You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal. Consent may be withdrawn through the contact channels provided by G&A Institute and described in this Privacy Policy.

3. Types Of Data Collected

G&A Institute collects various types of personal and non-personal data that users provide or that is automatically generated when interacting with our websites. This collection occurs when you perform any of the following actions: browse the site, fill out contact or information request forms, subscribe to the newsletters, download available resources, or communicate through our enabled channels. The data may be classified, without limitation, into the following categories:

a) Personally Identifiable Information

When users complete forms, download resources, or subscribe to our newsletters, we may collect:

• First and last name
• Email address
• Phone number
• Job title or professional designation
• Name of the organization or company to which the user belongs
• City, state, and country of residence
• Other identifiable information voluntarily provided by the user in open fields on forms

b) Contact and communications data

When you communicate with G&A Institute through our websites or our contact channels, we collect and store:

• Email address used for correspondence
• Phone number (if provided)
• Content of messages sent through contact forms or emails
• Communication preferences, such as newsletter subscriptions and confirmation of event participation

c) Technical and browsing data collected automatically

When you access and use our websites, certain data may be collected automatically, including:

• IP address of the device used
• Browser type and version
• Operating system and device type
• Unique device identifiers
• Date, time, and duration of visit
• Pages visited and navigation paths within the site
• Referrer URL or referring website

d) Analytical and tracking data

We use web analytics tools and tracking technologies (such as cookies, pixels, and scripts) that allow us to obtain aggregate information about user behavior on our websites, such as:

• Frequency of visits and average time spent on each page
• Bounce and conversion rates
• Links and buttons selected
• Resources downloaded or forms completed
• Approximate geographic data (e.g., city or country of connection)

4. How Long We Keep Your Data

The personal data provided by our users through our website will be kept for the time necessary to fulfill the legitimate purposes described in this policy in section 5 or until the user or client stops using our services, or requests the deletion of their data. G&A Institute may retain personal data for a longer period provided that the user has consented to such processing, as long as such consent is not withdrawn. In addition, G&A Institute may be obliged to retain personal data for a longer period provided that this is required for compliance with a legal obligation or by order of an authority. Once the retention period has expired, the personal data will be deleted. Therefore, the right of access, the right of deletion, the right of rectification and the right to data portability cannot be asserted after the retention period has expired.

5. Purposes of Data Collection

G&A Institute collects and processes website user data for specific, legitimate purposes, in accordance with the nature of the user's interaction with the platform. The applicable purposes are detailed below according to the type of data collected:

a) Personal data provided by the user

Personal data that the user voluntarily provides when completing forms, downloading resources, subscribing to newsletters, or participating in informational activities is processed for the following purposes:

• To manage requests for information about the services, projects, or activities carried out by G&A Institute;
• To provide access to technical resources, studies, reports, and other specialized content available on the site;
• To coordinate user participation in seminars, webinars, educational programs, or other training or outreach initiatives;
• To manage the sending of newsletters, thematic updates, and relevant content in accordance with the interests stated by the user;
• To respond to questions, suggestions, or communications sent by the user through forms or contact channels.

b) Contact and communication data

Contact details, including email, telephone, or other information provided through direct interactions with G&A Institute, are used to:

• Maintain direct correspondence and follow up on requests initiated by the user;
• Confirm registrations for events, trainings, or access to requested materials;
• Send confirmations, reminders, supplementary materials, or other logistical information related to the services or activities offered;
• Manage the subscription or cancellation of informational mailings at the user's request.

c) Data collected automatically by our websites

Technical data obtained automatically when visiting the site is used for the following purposes:

• To ensure the proper technical functioning of our websites and its features;
• To adapt the content and presentation of the site to the type of device, browser, or regional settings of the user;
• Detect and prevent misuse, unauthorized access, or computer security risks;
• Optimize the speed, accessibility, and performance of our websites sections.

d) Analytical and tracking data

Information derived from the use of cookies, tracking technologies, and analysis tools is collected for the following purposes:

• To measure the traffic, performance, and effectiveness of our websites and its various sections;
• To identify browsing patterns, user interests, and level of interaction with the content;
• To evaluate the scope and relevance of downloaded resources, completed forms, and subscriptions made;
• To perform internal analyses for the continuous improvement of the structure, functionality, content, and services offered through our websites;
• To personalize future communications and recommendations sent to the user based on their browsing behavior.

6. How We Share Information

Information about our clients is an important part of our business, and we are not in the business of selling it to others. We share client information only as described below.
 

6.1. Third-Party Service Providers

We use third-party services to perform certain functions on our website. Some of these functions and services include website hosting, sending emails, advertising services (Facebook Ads, Google Ads), and data analysis (Google Analytics).
 

These third-party services and tools may have access to personal information needed to perform their functions, but may not use that information for other purposes. Information shared with these third-party services will be treated and stored in accordance with their respective privacy policies and our privacy policy.
 

6.2. Communications (Mailing list)

G&A Institute may transfer certain personal data provided by users to external providers who provide services on behalf of the organization, for the sole purpose of facilitating the functionality of our websites and communication with users. In particular, G&A Institute uses the services of ActiveCampaign for the management, automation, and sending of newsletters and other communications by email. The data provided by users through forms on our websites or when downloading available resources may be transferred to this platform in order to manage the sending of relevant information content in accordance with the user's interests.
 

This transfer is carried out exclusively for communication purposes and under contractual agreements that require the provider to treat personal data securely, confidentially, and in accordance with G&A Institute's instructions. Users retain the right to revoke their consent and stop receiving communications at any time. They may do so by using the “unsubscribe” link included in each email received or by sending an express request through the contact channels indicated in this privacy policy.
 

6.3. Analytics, tracking and tracing technologies and other similar technologies

G&A Institute uses analytics, tracking, and monitoring technologies, such as Google Analytics, and similar tools, to understand how users interact with our website, improve our services, and personalize the user experience. These technologies collect data about activity on our site, such as pages visited and interactions, helping us to optimize the performance and effectiveness of our advertising campaigns. The information collected is used to improve the functionality of our site and provide a more relevant experience. Users can manage their cookie and tracking preferences through their browser settings. By continuing to use our site, you agree to the use of these technologies as described in our privacy policy.

6.4. Advertising Campaigns

G&A Institute informs you that, in order to carry out advertising campaigns and improve the relevance of its advertisements, it uses the services of third parties such as Facebook Ads and Google Ads. As a result, certain data collected through the use of our websites, such as online identifiers, IP addresses, browsing information, cookies, and other technical data, may be shared with these platforms for advertising purposes, including the creation of custom audiences, campaign performance measurement, and ad targeting. These third parties process the information in accordance with their own privacy policies and under their respective contractual conditions. By interacting with our websites, the user accepts that their data may be processed by these providers exclusively for the purposes described, without this implying a massive, indiscriminate or uncontrolled transfer of their information.

6.5. Business Transfers

In the event G&A Institute creates, merges with, or is acquired by another entity, your information will likely be transferred. G&A Institute will send you an email or post a prominent notice on our website before your information becomes subject to another privacy policy.

6.6. Protection of G&A Institute and Others

We release personal information when we believe release is appropriate to comply with the law, enforce or apply our terms and conditions and other agreements, or protect the rights, property, or safety of G&A Institute, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

7. Data Breach Notification

In the event of a security breach that compromises the confidentiality of the personal data of our users, G&A Institute undertakes to notify those affected in a timely manner. This notification will be made through the means of contact that have been provided by the user on our website. We will take all reasonable measures to protect the information and remedy any situation that compromises the security of your data.

8. International Data Transfer

G&A Institute may transfer users' personal data outside of their home country due to the use of hosting, storage and processing services provided by third parties operating servers located in different countries. These transfers are necessary to ensure the continued operation of our websites. Although G&A Institute is based in the United States, the technological infrastructure used may involve data being stored or processed in jurisdictions with data protection laws other than the United States or your home country.

G&A Institute is committed to ensuring that all international transfers of personal data comply with applicable data protection regulations, including appropriate security measures to safeguard user information. This includes, among other things, the application of standard contractual clauses, assessment of the adequacy of data protection in the receiving country, and compliance with applicable privacy rules on third party services.

By using G&A Institute's services, users consent to the transfer, storage and processing of their data on servers located outside their country of residence, acknowledging that such transfers are necessary for the operation of our websites and services. G&A Institute undertakes to take all reasonable steps to protect the integrity and security of personal data during such international transfers.

9. Protection Of You Information

We grant access to your personal information only to those outside persons or services that have a legitimate need to know it and in accordance with our privacy policy. We adhere to industry-recognized security standards to protect your personal information, both during transmission and in storage. However, it is important to note that no method of transmission over the Internet or electronic storage is foolproof and 100% secure. Therefore, while we at G&A Institute strive to implement commercially viable data protection methods, we cannot ensure absolute security of your personal information. We undertake not to sell, distribute or transfer your personal data to unauthorized third parties, unless we have your explicit consent or are required by law to do so.

10. Rights

Users of the G&A Institute website, as data subjects, have various rights in relation to the processing of their personal information. These rights can be exercised under applicable data protection regulations in both the European Union and the United States, and G&A Institute is committed to respecting and ensuring compliance with these rights. In particular, users may exercise the following rights:
 

• Right of access: the user may request confirmation as to whether their personal data is being processed and, if so, access a copy of that information along with details about its use.
• Right to rectification: the user has the right to request the correction or updating of any personal data that they consider inaccurate, incomplete, or out of date.
• Right to erasure: in certain circumstances, the user may request the deletion of their personal data, for example, when the information is no longer necessary for the purposes for which it was collected or if they have withdrawn their consent.
• Right to restriction of processing: users may request that the use of their personal data be restricted in specific cases, such as during verification of its accuracy or in the context of an objection to processing.
• Right to object: where the processing of data is based on legitimate interests, users may object to it on grounds relating to their particular situation.
• Right to data portability: where technically feasible, the user may request the direct transmission of their personal data to another data controller or receive it in a structured, commonly used and machine-readable format.
• Right to withdraw consent: where data processing is based on the user's consent, the user may withdraw it at any time without affecting the lawfulness of the processing prior to its withdrawal.
• Right not to be subject to automated decisions: users have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects concerning them or significantly affect them in a similar way, unless such a decision is authorized by law or based on the user's explicit consent.

Users who wish to exercise any of the above rights may send a written request through the contact channels established in this Privacy Policy. G&A Institute undertakes to respond to all requests relating to the exercise of rights within a maximum period of thirty (30) calendar days from receipt, unless the complexity or volume of requests requires an extension, in which case the user will be notified in a timely manner.

If the user believes that the processing of their personal data violates applicable regulations, they may file a complaint with the competent supervisory authority. In the European Union, this includes the national data protection authorities of the user's country of residence. In the United States, you may contact the appropriate regulatory body according to your state or sector jurisdiction. Before contacting an authority, G&A Institute recommends that you contact us directly to try to resolve the complaint amicably and effectively.

11. Protection Of Children's Online Privacy

We comply with the requirements of national and international data protection regulations regarding the protection of personal data of minors. We do not collect any information from children under the age of 13 (minimum age allowed to collect and process information without parental or legal guardian consent). If we become aware that a child under the age of 13 has provided us with personal information, we will take steps to delete such information.

12. Third Parties

Except as expressly included in this privacy policy, this document only addresses the use and disclosure of information that G&A Institute collects from you. If you disclose your information to third parties, different rules may apply to their use or disclosure of the information you disclose to them. G&A Institute does not control the privacy policies of third parties, and you are subject to the privacy policies of such third parties where applicable. G&A Institute is not responsible for the privacy or security practices of third parties, including those linked to or from our websites. Please refer to the privacy policies of any third-party websites or services you access through our websites.

13. Changes To Privacy Policy

We reserve the right to change our privacy policy at any time. Changes will be promptly notified to our users and posted on our websites. Your continued use of our website following such changes will signify your acceptance of the changes.

14. Contact Information

If you have questions or concerns about this privacy policy and the treatment and security of your data, please contact us using the contact information below:

Governance & Accountability Institute, Inc.

Email: info@ga-institute.com