Introducing Our First Podcast Series: The Scope 3 Agenda
Learn More
The ultimate guide to ratings vs. self-assessment
View ebook

Statement of Data Privacy

Statement of Data Privacy

At EcoVadis, protecting user information is our priority. We have prepared this Statement of Data Privacy to describe our practices regarding “Personal Information” (as defined below) which we collect from natural persons that browse, send information or have a relationship with EcoVadis or EcoVadis’ Customers (hereinafter “Users”of our web Services including but not limited to sites located at www.ecovadis.com, www.ecovadis-survey.com, all subdomains, and all other online services of EcoVadis SAS or EcoVadis Inc. (“Services”). For the purposes of this Statement of Data Privacy, unless otherwise noted, all references to EcoVadis include all online web services of EcoVadis SAS and EcoVadis Inc.

We respect each individual’s right to personal privacy. We will collect and use information we receive directly from Users through the EcoVadis website or services only in the ways which are disclosed in this Statement of Data Privacy. Information provided to EcoVadis by our corporate customers is collected  and processed by them, acting as data controllers and  under their privacy policies. By using EcoVadis web Services Users agree to the data practices described herein and Users acknowledge  the collection, use and disclosure of their Personal Information in accordance with this Statement of Data Privacy.

EcoVadis SAS as a data controller adheres to the set of data protection principles developed by the French data protection authority CNIL (COMMISSION NATIONALE DE L’INFORMATIQUE ET DES LIBERTÉS) under the French Data Protection Act as well as to the General Data Protection Regulation (GDPR) applicable from May 25th 2018 and as far as they are applicable also to international data protection laws.

To learn more about the CNIL please visit: http://www.cnil.fr/english/

This published Statement of Data Privacy is accurate, comprehensive, prominently displayed, completely implemented, accessible, and conforms to the set of data protection principles developed by the French Data Protection Act and in compliance with any current regulation applicable to the processing of Personal Information, and in particular with Law 78-17 of 6 January 1978 amended.

Pursuant to these laws, the Users shall have the right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability related to, any personal information you provide on the website. Such  request may be sent  to the Support Service or directly to the following address: EcoVadis SAS, Data Protection Officer ,  43 Avenue de la Grande Armée, 75116 Paris – FRANCE, dpo@ecovadis.com

EcoVadis SAS  has signed with its subsidiaries Ecovadis Inc (US), EcoVadis (Mauritius) Ltd, EcoVadis Hong Kong Ltd and EcoVadis Tunisia SARL as well as with its providers, Standard Contractual Clauses (SCC) provided by the European Commission in order to apply a compliant mechanism under the GDPR Art 46 for the transfer of personal data to third countries which do not ensure an adequate level of data protection.

Collection and use of User Personal Information

We use the personal information we collect from our customers and potential customers for the following purposes : (1) contract and billing administration, (2) product and service delivery, (3) call and chat recordings from support services (4) communications regarding marketing and technical information concerning our products and services, (5) customer account management, (6) website audience tracking and viewer statistics for customer prospection, and (7) fulfillment of our business obligations to our customers.

EcoVadis collects and uses a user’s Personal Information such as name and email address (user name) to deliver the services a user has requested. EcoVadis may also use your Personal Information to inform Users of other products or services available from and through EcoVadis. EcoVadis may also contact Users via surveys to conduct research about user opinions of current services or of potential new services that may be offered.

If a user purchases services from EcoVadis, we may request billing and credit card information. The credit card information is not stored by EcoVadis.

Personal and non-personal Information about the user’s computer hardware and software may be automatically collected by EcoVadis. This information can include: the user’s IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain and to improve the quality of the service, and to provide general statistics regarding the use of EcoVadis web services.EcoVadis may keep track of the websites and pages our Users visit while using the EcoVadis web services, in order to improve the user experience and determine what EcoVadis services are the most popular.

We also collect and use data from job applicants for the purpose of hiring through dedicated job portals.

Legal notices concerning data processing are displayed on the website :

For more information about data processing during the CSR assessment please see here.

For more information about prospection please see here.

For more information about call recording please see here.

For more information about hiring please see here.

Third parties 

EcoVadis does not sell, rent or lease their customer lists to third parties.

EcoVadis may share data with trusted providers for different data processings (purposes) like for the delivery of the the product and service, statistical analysis of usage, user behaviour, customer prospection, human resources and recruitment management, email account management, invoicing and to provide customer support and communication; and EcoVadis has signed with all the providers, acting as Data Processors, Data Processing Agreements (DPAs) in order to ensure all the obligation and responsibilities in the GDPR’s framework.

All such third parties are prohibited from using a user’s Personal Information except to provide these services to EcoVadis, and they are required to maintain the strict confidentiality of user information.

EcoVadis, as a data controller, determines the purposes for which and the means by which personal data is processed and is liable in cases of onward transfers to third parties, such as processors and sub-processors.

EcoVadis will disclose user Personal Information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on EcoVadis or the site; (b) protect and defend the rights or property of EcoVadis; and, (c) act under exigent circumstances to protect the personal safety of Users of EcoVadis, or the public.

Use of Cookies

www.ecovadis.com may use “cookies” to help personalize a User’s online experience. A cookie is a text file that is placed on the user’s hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to a user’s computer. Cookies are uniquely assigned to the individual user, and can only be read by a web server in the domain that issued the cookie to the User. One of the primary purposes of cookies is to provide a convenient feature to save the user time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if a user personalizes EcoVadis pages, or registers on the EcoVadis website or to the services, a cookie helps EcoVadis to recall the user’s specific information on subsequent visits. This simplifies the process of recording a user’s Personal Information, such as login information. When a user returns to www.ecovadis.com, the information the user previously provided can be retrieved, so the user can easily use the EcoVadis features which they had customized.

Users have the ability to accept or decline cookies (Targeting, Functional and Performance cookies) except for the strictly necessary cookies for the performance of the website. Users can modify their browser settings to block cookies if they prefer. If a user chooses to block cookies, the user may not be able to fully experience the interactive features of the EcoVadis website(s) they visit or service(s) used.

Update your cookies settings here:


Security of a User’s Personal Information

EcoVadis uses industry-standard technologies when transferring and receiving  user data exchanged between EcoVadis and third parties to help ensure data security. EcoVadis’ website has security measures in place to protect the loss, misuse and alteration of information.

Ecovadis uses the ISO 27001 standard, for which we are certified, as a framework and integrates personal data protection in its management system.

As part of this management system we provide appropriate employee training and have internal procedures to periodically review  our compliance with the French Data Protection Act and GDPR.

For more information on our information security management system please visit our trust center : https://ecovadis.com/trust-center/

User data are stored on servers in Europe maintained by the hosting provider Microsoft Azure and subject to their security safeguards.

Credit card transactions are made securely through PayPal (https://www.paypal.com) or Alipay (www.alipay.com).

Children Under Eighteen

EcoVadis Services are directed towards Users in their business capacity and are not designed for or directed to children under the age of 18, and we will not intentionally collect or maintain information about anyone under the age of 18.

International Users

Please note that the personal information a user submits to EcoVadis may be transferred or saved in Europe  and processed under GDPR  If the User is not a resident of France or a country subject to GDPR , the User acknowledges that we may collect, process, use, and store a user’s personal information, as discussed in this Statement, and outside the User’s resident jurisdiction which is different to  the French law,GDPR and the following new legislation or regulations applicable

The following applies to Users who are resident in the Russian Federation:

The services offered by EcoVadis and any of its affiliated companies are exclusively delivered from data centers located outside of Russia. If you are a Russian citizen residing in Russia, you are hereby notified that any Personal Data that you input into the services will be solely at your own risk and responsibility and that you expressly agree that EcoVadis SAS may gather your Personal Data and will store  this data in the EU and that you will not hold EcoVadis SAS and any of its affiliated companies accountable for any potential non-compliance with legislation of the Russian Federation.

The following applies to Users who are resident in the People’s Republic of China:

The Personal Information Protection Law (“PIPL”) and other related law of the People’s Republic of China (“PRC”) shall apply when EcoVadis and any of its affiliated companies and offices available at https://ecovadis.com/contact-us/ process your personal information.

Collection and use of User Personal Information

In compliance with the PIPL and other applicable PRC laws and based upon your prior consent, we may – from time to time – use your personal information to inform you of other products or services available from and through EcoVadis that we think may be useful or relevant to you. You may always opt out by declining such marketing information when registering or using our services and website by following opt out instructions included in the respective pages or communications.

As far as processing of your sensitive personal information is indeed necessary for EcoVadis to provide the products and services you requested, we will strictly observe all statutory preconditions and requirements including obtaining your separate consent at the interface for ordering such products or services. Here sensitive personal information is defined by the PIPL as those personal information that, if leaked or illegally used, could easily result in infringement of a natural person’s dignity or endangering of personal/proprietary security, which include (but not be limited to) biometric information, religious belief, special identity, medical and health information, financial account, tracking and whereabouts, information of minors below the age of 14.

Please note that in order to comply with applicable PRC laws, regulations and national standards, it may be necessary for us to collect and use your personal information without obtaining your consent under the following circumstances:

1)      where it is necessary for us to conclude or perform a contract with you;

2)      where it is necessary for us to perform statutory duties or statutory obligations;

3)      where it is necessary for us to respond to a public health emergency or to protect the life, health and property safety of a natural person;

4)      where such acts as news reporting and supervision by public opinions are carried out by us for the public interest, and the Processing of your Personal Information is within a reasonable scope;

5)      where it is necessary for us to process your Personal Information you disclosed or other Personal Information that has been legally disclosed within a reasonable scope in accordance with the law; and

6)  other circumstances prescribed by laws and administrative regulations.

Third parties

When it is necessary for EcoVadis to transmit your personal information to third parties such as external suppliers, another third party or another EcoVadis entity, we will proactively inform you about

  • name and contact of the recipient
  • purpose of processing,
  • method of processing, and
  • categories of personal information to be transmitted.

We will obtain your separate consent to this effect and we will oblige the recipient to process the received personal information within the scope and in the way as disclosed above via respective data processing agreement. We will obtain a new consent from you in case of any change of the above disclosed processing purpose or method of processing shall require a new consent from the data subject (for which we will first disclose in detail changes to the disclosed processing purpose or changed method of processing). 

Opt-Out & Unsubscribe

We respect user privacy and give Users an opportunity to opt-out of receiving announcements about certain information. Users may object to / opt-out of receiving any or all communications from EcoVadis by following the “unsubscribe” link on communication received from EcoVadis or otherwise by contacting us.

Changes to this Statement

EcoVadis will occasionally update this Statement of Data Privacy to reflect company and customer feedback. EcoVadis encourages Users to periodically review this Statement to be informed about how EcoVadis protects user information.

Contact Information

EcoVadis welcomes your questions or comments regarding this Statement of Data Privacy. If you believe that EcoVadis has not adhered to this Statement, please contact EcoVadis at:

EcoVadis SAS
Data Protection Officer
43 Avenue de la Grande Armée
75116 Paris, France
Email: dpo@ecovadis.com

Intellectual Property

Our website is protected by national and international laws and regulations relating to Intellectual property.

You recognize EcoVadis SAS ownership of title, service marks, trade names, logotype, patents, copyright and other intellectual property rights arising out of the website’s content and related. Any use of elements of EcoVadis SAS website shall obtain EcoVadis – or concerned third party – prior written consent.

See our General Terms and Conditions of Use