We take the privacy of our users and the protection of any information that is personal to them very seriously. This protection is a responsibility that we share with you.

Our responsibilities

In order to secure your personal information, we have taken reasonable steps to safeguard the information you provide to us:

  • Your user account can only be accessed using your username and password.
  • Sensitive data (such as credit card information) is protected by SSL (Secure Socket Layer) encryption when it is exchanged between your web browser and the SRI-RESEARCH website.
  • All information you provide to us, including your personal information, is stored in a tier-one secured-access data centre.
  • To protect any data you store on our servers, SRI-RESEARCH also regularly audits its system for possible vulnerabilities and attacks, and we use a tier-one secured-access data centre.

However, no data transmission over the Internet can be guaranteed to be completely secure; accordingly, we cannot ensure or warrant the security of any information you transmit to SRI-RESEARCH. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

You should also note that emails, instant messaging, and similar means of communication with other Users of SRI-RESEARCH are not encrypted, and we strongly recommend that you do not communicate any confidential information through these means.

Data protection

SRI-RESEARCH complies with the principles of the United Kingdom Data Protection Act 1998 when dealing with data received from visitors to our site.

We only hold data which is necessary to offer the services provided on our website.  Users’ access and IP addresses automatically recognised by the web server may be logged for analytical and statistical purposes.

Users may decline to receive mailings or marketing information.  Any links within this site to other websites are not covered by this policy.

Your responsibilities

Keeping data secure – your obligations

It is your responsibility to protect the security of your login information. At all times, you agree to:

 

  • keep your password secure and confidential;
  • not permit others to use your account;
  • refrain from using other users’ accounts;
  • refrain from selling, trading, or otherwise transferring your SRI-RESEARCH account to another party;
  • refrain from charging anyone for access to any portion of the SRI-RESEARCH website, or any information contained therein; and
  • maintain no more than one SRI-RESEARCH account at any given time.

You also agree to:

  •  immediately notify us of any unauthorised use of your password or account designation or any other breach of security, and
  • ensure that you exit from your account whenever completing a session on the SRI-RESEARCH site.

SRI-RESEARCH shall not be liable for any loss or damage arising from your failure to comply with these requirements.

You should report any suspected security violations to us at: This email address is being protected from spambots. You need JavaScript enabled to view it.

Information control

You are responsible for all activity occurring through your account until you request that it be closed down or until such time as you can prove that your account security has been compromised through no fault of your own.

To close your account, you can request this via you profile at IRRI user profile Alternatively, please contact This email address is being protected from spambots. You need JavaScript enabled to view it..

GDPR compliance information

There are the things that we are required, by GDPR and other privacy/personal information laws, to tell you:

  • The name and contact details of our organisation
    • SRI-CONNECT Ltd - a limited company registered in England and Wales at 32 Oakley Road, Reading RG4 7RL with registration number 7254089
  • The purposes of the processing
    • We process personal data for the purposes of running the SRI-RESEARCH website and the wider SRI-CONNECT network, improving the efficiency of communications and research flow between individuals within the SRI & corporate governance industry and keeping other professionals with an exposure to sustainable investment and corporate governance updated with research, best practice and developments in the industry.
  • The lawful basis for the processing
    • In GDPR terms, we process personal data on a 'Legitimate interests' basis.
  • The legitimate interests for the processing.
    • Our ‘legitimate interest’ - in respect of registered users of the SRI-RESEARCH website is that the holding, tightening and display of proportionate personal data is needed to enable the functioning of of the surveys conducted by SRI-CONNECT Ltd. via the SRI-RESEARCH website.
  • The categories of personal data obtained (if the personal data is not obtained from the individual it relates to).
    • None for the SRI-RESEARCH website
  • The recipients or categories of recipients of the personal data.
    • Information that users of the SRI-RESEARCH website put in their profile can be viewed by only by data controllers and data processors of SRI-CONNECT Ltd. and the SRI-RESEARCH website.
  • The details of transfers of the personal data to any third countries or international organisations (if applicable).
    • All personal data is retained within SRI-CONNECT Ltd and the SRI-RESEARCH website.  Anonymised survey results completed by SRI-RESEARCH users may be distributed either as entered or aggregated.
  • The retention periods for personal data
    • We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm for unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. By law we have to keep basic information about users we have a customer/supplier relationship with (including Contact, Identity, Financial and Transaction Data) for seven years after the original transaction date.  In practice this means that:
      • For subscriber users or purchasers of reports/other services: a minimum of seven 7 years for information that is necessary for legal compliance
      • For registered users: For as long as the user remains a member of the network
      • For unregistered users: For as long as they have an active professional interest in sustainable investment or corporate governance.
  • The rights available to individuals in respect of the processing.
    • These are available on request
  • The right to withdraw consent.
    • You have that right.  Just let us know.  (This email address is being protected from spambots. You need JavaScript enabled to view it.)
  • The right to lodge a complaint with a supervisory authority.
    • You have that right.  Report a concern to the ICO … but please do report your concern to us first.  We would be massively disappointed in ourselves at so many levels if you ever feel the need to even consider this.
  • The source of the personal data (if the personal data is not obtained from the individual it relates to).
    • All information is provided by the individual it relates to.
  • The details of whether individuals are under a statutory or contractual obligation to provide the personal data (if applicable, and if the personal data is collected from the individual it relates to).
    • You are under no obligation to supply us with anything.
  • The details of the existence of automated decision-making, including profiling (if applicable).
    • None of this happening.