Privacy Policy

Last Update: November 7, 2022

The ESG Integrated Disclosure Project is an initiative of the Alternative Credit Council Limited (“ACC”), Loan Syndications and Trading Association, Inc. (“LSTA”), and PRI Association (“PRI”).  Each of ACC, LSTA, and PRI know that you (“You”) care about how personal information about You is used and shared, and we take Your privacy seriously.  Please read this privacy policy (“Privacy Policy”) to learn how ESG Integrated Disclosure Project collects, uses, discloses, stores, and otherwise processes personal information through the ESG IDP website located at www.esgidp.org (the “ESG IDP Website”).  This Privacy Policy serves as a part of our terms of use, available here.  The personal information You provide is collected by LSTA through the ESG IDP Website and shared with ACC and PRI as part of the ESG Integrated Disclosure Project.  

Through the ESG IDP Website, the LSTA collects Your name, title, organization, and email address when You download any of the templates or documents on the ESG IDP Website.  When You access the ESG IDP Website, a cookie is stored on Your device so that You do not have to re-enter Your information when You revisit the ESG IDP website and want to download any of the templates or documents on the ESG IDP Website.  You may decline cookies generally by using the appropriate feature of their Web client software, if available.  Note that we may not be able to honor a “Do Not Track” setting you use in your browser.

Personal data collected through the ESG IDP Website will be used by each of ACC, LSTA, and PRI for editorial and feedback purposes, to inform you of new templates or documents that are available, for marketing and promotional purposes, for a statistical analysis of users’ behavior, for product development, and for content improvement. We will delete Your personal data when it is no longer needed for our legitimate business purpose.  

Any information You provide in connection with the ESG IDP Website may be shared, leased, sold, or otherwise disclosed to third parties even if such parties are not specified in this Policy and without further notice to You.

The ESG IDP’s Website is not intended for use by children under the age of 18. ESG IDP does not intentionally collect or post personally identifying information from children under the age of 18. None of the ACC, LSTA, or PRI intentionally provide any personally identifying information collected from children under the age of 18, regardless of its source, to any third party for any purpose whatsoever.

The LSTA reserves the right, at its sole discretion, to change, modify, add or remove any portion of this Privacy Policy, in whole or in part, at any time.  The Privacy Policy that applies to You is the one in effect at the time You access the ESG IDP Website.  The last update date is listed at the top of these Terms.

If You are a European resident individual, You have certain rights in relation to Your personal information under the applicable European data privacy laws. This section only applies to such users. Under applicable European data privacy laws, ESG IDP is the data controller. 

Applicable European data privacy laws gives certain users the right to access their personal information. Your right of access can be exercised in accordance with the European data privacy laws. If You would like to request a copy of Your personal information being held by us, or request that it is deleted or to update and/or correct Your personal information or request that we provide a copy to another data controller of Your personal information that You have provided to us, please contact us. We will need enough information to ascertain Your identity as well as the nature of Your request. We will aim to respond to Your request within one calendar month of receipt of the request. Where we were unable to do so within the calendar month, we will notify You of the soonest practicable time within which we can respond to Your request (and within three months from the date of Your request). There are certain exemptions and restrictions of these rights under the European data privacy laws that enable personal information to be retained, processed or withheld from access and we will inform You of these if applicable. If You would like to exercise any of these rights, please contact us at info@esgidp.org. 

• to contact You: subject to applicable law, we or our third-party service and business providers may send You communications; especially if You have subscribed to one of our services. Such communications are designed to make Your experience of our Website more efficient and may include, but are not limited to: communications about our organization and other notifications including important news that could affect Your relationship with us. Where required under applicable data privacy laws, we will not send You marketing communications without Your prior consent;  
• for legal purposes: we may use and share personal information for legal purposes, including financial, regulatory, tax and other legal obligations and to respond to governmental or regulatory requests or subpoenas or for litigation purposes;
•  for our legitimate interests and those of a third party: we may use Your personal information to manage our legal, regulatory, financial and business requirements, including obtaining legal advice, in the course of disputes and litigation, internal and/or regulatory investigations and other legitimate interests; we also use Your personal data for our legitimate marketing purposes and we may share Your data with third parties, such as our sponsors, where we consider this meets our legitimate interests or those of our sponsors, whilst respecting users’ data privacy rights;
• for our business purposes: we may use Your personal information to help us manage the objectives of our organization; 
• for other purposes: subject to applicable law, we may use Your personal information for additional purposes in connection with the Website or our organization, where You have provided Your prior consent.

Your personal information will be processed in the US (which may have less stringent data privacy laws compared to those in Your country of residence) and we also transfer Your personal information to the recipients described in this Privacy Policy including those recipients located in countries which may also have a less stringent standard of data privacy laws compared to those in Your country of residence. Where this occurs, You acknowledge and where required, consent to such transfer in accordance with this Privacy Policy. 

We share Your personal information with third parties to help us use Your personal information, as described in the Privacy Policy and in addition, we may need to share Your personal information with our professional tax, legal, audit or financial advisors as well as sponsors, members and other organizations in the proper course of our business. We may also share Your personal information when we receive requests for information in the context of legal disputes, investigations regulatory enquiries or similar requests.

This Website collects cookies and may use cookies for reasons including, but not limited to:

• Analyze our web traffic using an analytics package
• Identify if You are signed in to the Website
• Test content on the Website
• Store information about Your preferences
• Recognize when You return to the Website

In addition, this Website uses Google Analytics and other analytics programs to collect information about You and Your behaviors. If You would like to opt out of Google Analytics, please visit https://tools.google.com/dlpage/gaopto. If You choose to block or delete cookies, certain features of our Website may not operate correctly. For more information, see www.allaboutcookies.org.

We will only retain Your personal information for as long as reasonably necessary to fulfil the determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of Your personal information, the purposes for which we process Your personal information and whether we can achieve those purposes through other means, and applicable legal requirements.

We have put in place appropriate security measures to prevent Your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to Your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process Your personal information on our instructions and they are subject to a duty of confidentiality.

If You have any concerns regarding how we are handling Your personal information, please contact us at info@esgidp.org. We will strive to deal with Your concerns promptly. If You wish to complain about the handling of Your personal information outside of ESG IDP, You have the right to raise a complaint with a supervisory authority in Your country of residence under European data privacy laws.

California law permits our users who are California residents to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. To make such a request, please write to us at www.esgidp.org. 

If You are a California resident, California law also provides You with the following additional rights with respect to Your personal information:

• The right to know what categories or specific personal information we have collected, used, disclosed and sold about You.  You also may designate an authorized agent to make a request for access on Your behalf.
• The right to request that we delete any personal information we have collected about You.  You also may designate an authorized agent to make a request for deletion on Your behalf.

To submit a request, You may email us at info@esgidp.org.  When You exercise these rights and submit a request to us, we will verify Your identity by asking You for Your email address, telephone number or other information.   We also may use a third-party verification provider to verify Your identity.  We will endeavor to honor client’s requests unless such a request conflicts with certain lawful exemptions.  Please note that we are only required to honor such requests twice in a 12-month period. 

For the 12-month period prior to the date of this Privacy Policy (November 7, 2022), the LSTA has not sold any personal information about ESG IDP Website, nor does it have any plans to do so in the future.