- Privacy notice
- Cookie Notice
- Information Security
- MSCI third party notices
- Supplier Code of Conduct
- Modern Slavery Statement
- Index Terms
- Local Requirements
- U.K. Tax Strategy
- Notice & Disclaimer
- Notice and Disclaimer for Reporting Licenses
- Notice and Disclaimer for Blended Index Return(s)
- Provisional Rating
- Services Supplements
- SPO Disclaimer
- DMCA Notice and Copyright Takedown Policy
- Data Contributor Terms
- Client Provided Data Terms
- Private Company Data Connect Service Terms
Privacy Pledge Intro
Last modified: January 17, 2024
Protecting the confidentiality and security of personal information is integral to the way in which MSCI Inc. and its affiliates ("MSCI", “us” or “we”) conduct business worldwide.
Generally, MSCI is the “controller” of any personal information that you provide to us, and this Privacy Notice is intended to cover certain notice requirements when we determine the purpose and means of processing such personal information in the regions in which we operate. Where additional provisions required by local legislation apply, we have addressed those provisions in separate expanders below.
This Privacy Notice, our Cookie Notice and other legal notices listed on this website (www.msci.com) (together, with all sub-domains and other websites that we own or operate "Website") explain our collection, use and disclosure of personal information collected in the course of our business activities.
This Privacy Notice does not apply to information collected, stored, shared, or distributed by third party sites. This Privacy Notice does not apply to our employees, who are covered by our internal notices, policies and procedures.
Please read this Privacy Notice carefully. The summary immediately below describes only highlights, and we encourage you to read this Privacy Notice completely.
MSCI is a multinational corporation, with offices around the world. MSCI’s clients and prospects are companies, not individuals or consumers. MSCI’s vendors, service providers and consultants (together “Vendors”) are typically companies but on occasion may be individuals.
We process personal information that comes from three sources: information you provide, information we receive from other sources, and information collected automatically.
The first category, information you provide, includes information that you provide through our website, through our products or through our client support portals, through day-to-day interaction with us, in connection with a job search, and as a visitor to our offices.
The second category, information we receive from other sources, includes information from public sources, information from our employees, and information from our clients.
The last category, information we collect automatically, includes information collected when you visit our website or use our IT systems/networks.
Where required by applicable data protection law, our processing of your personal information will be justified on a lawful basis. We do not sell or rent your personal information to third parties. We share data internally among our corporate affiliates and business units in the ordinary course of our daily operations. We share personal information with our Vendors in connection with their performance of services for us, in accordance with our instructions, and subject to appropriate contractual restrictions and security and confidentiality obligations. We may be required to disclose your personal information for legal/regulatory/compliance purposes or in connection with an investigation, or if we believe it is reasonably necessary to prevent harm or loss. We may also share your personal information in connection with certain corporate events.
MSCI maintains and applies consistent physical, electronic and procedural safeguards that aim to protect personal information against loss, misuse, damage or modification and unauthorized access or disclosure.
Highlights of MSCI’s information security program can be found on our website at https://www.msci.com/information-security.
We send our marketing emails within the US on an opt-out basis and outside of the US, we rely on opt-in consent.
If you have legislative access or similar legal rights in your jurisdiction with respect to your personal information, and you wish to exercise any such rights as further identified in this Privacy Notice, you can submit your request to us by completing the web form available at https://www.msci.com/DSR-external-form.
Please note that a fee may be charged where laws permit. Please do not use these web forms to manage your subscriptions to our email groups. Instead, please follow the instructions below. Please do not use this form if you work for a current client or Vendor or prospective client or Vendor of MSCI and wish to have your business contact information updated. You can update that information by contacting your local MSCI representative directly. If you are a current MSCI employee, please use the appropriate internal resources provided.
EU/EEA/UK/SWITZERLAND specific GDPR rights
If your data is processed in the EU, EEA, UK, or Switzerland you will have the following rights under the General Data Protection Regulation (“GDPR”) (including the UK GDPR, and the Swiss Federal Act on Data Protection):
- Right of Access/Subject Access Request: You are entitled to request confirmation that your personal information is being processed; access to your personal information; and other supplementary information that may not be included in this Privacy Notice.
- Right of Rectification: You are entitled to have any inadequate, incomplete or incorrect personal information corrected.
- Right to Erasure (the “right to be forgotten”): You are entitled to have your personal information erased under specific circumstances, such as where you have withdrawn your consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds, or where personal information is unlawfully processed.
- Right to Restriction Processing: You have the right to restrict our processing of your personal information (that is, allow only its storage) where:
- you contest the accuracy of the personal information, until we have taken sufficient steps to correct or verify its accuracy;
- the processing is unlawful, but you do not want us to erase the personal information;
- we no longer need your personal information for the purposes of the processing, but you require such personal information for the establishment, exercise or defense of legal claims;
- you have objected to processing justified on legitimate interest grounds (see below), pending verification as to whether we have compelling legitimate grounds to continue processing; or
- your personal information is subject to restriction, in which case we will only process it with your consent, for the establishment, exercise or defense of legal claims, for the protection of the rights of another person, or for reasons of important public interest.
- Right to Data Portability: Where we are relying (as the legal basis for processing) upon your consent, or the fact that the processing is necessary to perform a contract to which you are party or to take steps at your request prior to entering a contract, and the personal information is processed by automatic means, you have the right to receive all such personal information which you have provided to us in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
- Right to Object: You have the right to object to:
- Processing (including profiling) based on legitimate interest grounds: Where we are relying upon legitimate interests to process personal information, you have the right to object to that processing. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal information for the establishment, exercise or defense of legal claims. Where we rely upon legitimate interests as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
- Direct marketing (including profiling): You have the right to object to our use of your personal information (including profiling) for direct marketing purposes, such as when we use your personal information to invite you to our promotional events.
- Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Please note, we do not use your personal information for automated decision making, including profiling.
Exercising your EU specific GDPR rights
If you wish to exercise any of the foregoing rights, please submit your request to us by completing the web form available at https://www.msci.com/DSR-external-form.
If your personal information is transferred outside the EU/EEA/UK to other MSCI group companies or to Vendors and there’s no adequacy decision available, we will take steps to ensure that your personal information receives essentially equivalent level of protection as if it remained within the EU/EEA/UK, including by entering into data transfer agreements, using the European Commission adopted Standard Contractual Clauses, or by relying on certification schemes such as the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and/or other currently valid mechanisms for transfers.
MSCI Inc. and its subsidiaries importing personal information to the US, as participants of the DPF Program committed themselves to adhere to the Principles of the DPF in reliance of all personal information received from the EU, the UK or Switzerland and are subject to the investigatory and enforcement powers of the Federal Trade Commission. If you want to check which US-based MSCI entities are certified for DPF, do visit DPF’s website via the following link: Participant Search (dataprivacyframework.gov)
In those cases where MSCI applies the Standard Contractual Clauses adopted by the European Commission we have assessed the laws of those countries where personal data is transferred and which permit governmental access to personal data and have considered the likelihood of such access based on our experience, the safeguards we have in place, and the nature of our data processing activities.
MSCI being responsible to data subjects for their personal information being transferred to third parties has technical, contractual and organizational measures in place to safeguard personal data, as a matter of course, including the solutions set out MSCI’s Information Security Program, which minimize any risk associated with data transfers.
If your data is processed in the EU/EEA/UK, you have a right to obtain details of the mechanism under which your personal information is transferred outside of the EU/EEA/UK by completing the web form available at
Data Privacy Framework Recourse Mechanisms
To ensure adequate level of protection in terms of personal data being processed by MSCI according to this Privacy Notice and transferred to the US from the EU/UK and Switzerland, MSCI participates in the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
MSCI applies the following tripartite recourse mechanism which you can apply to if you feel that the transfer of your personal data to the U.S. does not comply with the principles and supplemental principles of the Data Privacy Framework:
In the first instance, we encourage you to you reach out to us directly with your query related to the transfer of your data to the U.S. via MSCI’s privacy request form (link) free of charge and we will respond to your query within 45 after we received it. If you are not satisfied with the response we provided, or you don’t want us to help you with your query you can reach out to a Data Protection authority of an EU member state, the UK ICO or to the FDPIC of Switzerland, depending on the jurisdiction applicable for the transfer of your personal data, as MSCI agreed to cooperate and comply with the advice of the appropriate European data protection authorities. You may find the list of the data protection authorities below:
- European Union: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
- United Kingdom: Information Commissioner's Office (ICO)
- Switzerland: Homepage (admin.ch)
If you already raised the claimed violation of the Data Privacy Framework’s principles directly with MSCI and afforded us an opportunity to resolve the issue within 45 days and reached out to the appropriate data protection authority, then, if you still want to determine for your residual claims, whether MSCI has violated its obligations under the Principles of the Data Privacy Framework or whether any such violation remained fully or partially unremedied you may invoke an arbitration option by reaching out to The International Centre for Dispute Resolution-American Arbitration Association (ICDR-AAA).
If your data is processed in the EU/EEA, you have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your personal information infringes the applicable law. A list of data protection supervisory authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
If your data is processed in the UK, the UK is your habitual residence, place of work or place of alleged infringement, and if you consider that the processing of your personal information, for example its transfer to the US, infringes the applicable law you have the right to lodge a complaint with the UK Information Commissioners Office (https://ico.org.uk/global/contact-us/).
ADDITIONAL PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS
This notice provides information for certain California residents, as currently required under California privacy laws, including the California Consumer Privacy Act (including as expanded under the California Privacy Rights Act or CPRA, hereinafter “CCPA”). California privacy laws require that we provide California residents information about how we use their personal information, whether collected online or offline, and this document is intended to satisfy that requirement.
Under the CCPA, “personal information” is any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California resident or household.
Except for the right to opt-out and the right of non-discrimination, this section does not apply to California residents with whom we transact or communicate solely in the context of providing or receiving a product or service to or from a company that employs such residents or engages such residents as contractors. This section generally does not apply to personal information we collect about job applicants, independent contractors, or current or former full-time, part-time and temporary employees and staff, officers, directors or owners of MSCI.
Categories of Personal Information that We Collect and/or Disclose
Please find the categories of personal information about California residents that we collect and/or disclose to third parties or service providers for a business purpose. We collect these categories of personal information from the sources described in MSCI’s main Privacy Notice above and for the purposes described therein. Our collection use and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident.
|Categories of personal information
|Do we collect?
|Do we disclose for business purposes?
|Do we sell?
|Name, contact information and related personal identifiers.
|Customer records containing personal information.
|Legally protected classifications, such as race, color, sex, age, religion, national origin, disability, citizenship status, and genetic information.
|Commercial purchase history and tendencies.
|Biometric information that can be used to establish individual identity.
|Internet or other electronic network activity or usage Data.
|Precise geographic location information about a particular individual or device.
|Audio/visual or similar personal information.
|Personal, non-public education information.
|Profiles/inferences created from personal information.
California Residents’ Rights
California law grants California residents’ certain rights and imposes restrictions on business practices as set forth below.
Do-Not-Sell: California residents have the right to opt-out of our sale of their personal information. We do not sell your personal information.
Notice at Collection: We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used, and this notice and the main Privacy Notice above serves this purpose.
Verifiable Requests for Right to Delete, Right to Copy and Right to Know. Subject to certain exceptions, California residents have the right to make the following requests free of charge:
Right to Know: California residents have the right to request that we provide them certain information, up to twice every 12 months, about how we have handled their personal information in the prior 12 months, including the:
- categories of personal information collected;
- categories of sources of personal information;
- business and/or commercial purposes for collecting and selling their personal information;
- categories of third parties/with whom we have disclosed or shared their personal information;
- categories of personal information that we have disclosed or shared with a third party for a business purpose;
- categories of personal information collected; and
- categories of third parties to whom the residents’ personal information has been sold and the specific categories of personal information sold to each category of third party.
Right to Delete: California residents have the right to request deletion of their personal information that we have collected about them, subject to certain exemptions, and to have such personal information deleted, except where necessary that we maintain such personal information in order to:
- Complete the transaction for which the personal information was collected, provide a good or service requested by the California resident, or reasonably anticipated within the context of a business’s ongoing business relationship with the California resident, or otherwise perform a contract between the business and the California resident.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech ensure the right of another California resident to exercise his or her right of free speech, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code.
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the California resident has provided informed consent.
- Enable solely internal uses that are reasonably aligned with the expectations of the California resident based on the consumer’s relationship with the business.
- Comply with a legal obligation.
- Otherwise use the California resident’s personal information, internally, in a lawful manner that is compatible with the context in which the California resident provided the information.
Right to Correct Inaccurate Personal Information: California residents have the right to request us to use commercially reasonable efforts in order to correct their inaccurate personal information, taking into account the nature and the purposes of the processing of the personal information.
Request for a Copy: California residents have the right to request a copy of the specific pieces of personal information that we have collected about them in the prior 12 months, up to twice every 12 months, and to have this delivered either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance.
Submitting Requests.Requests to delete, for a copy, and/or to know may be submitted by contacting us at (833)-548-0230 (toll free) or by completing the web form available at https://www.msci.com/DSR-external-form. We will respond to verifiable requests received from California consumers as required by law.
Incentives and Discrimination. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA and imposes requirements on any financial incentives offered to California residents related to their personal information.
Discrimination: Businesses may not discriminate against residents who exercise their rights under CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices or rates or impose penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents’ data.
Disclosure of Incentives: If businesses offer financial incentives for the collection, sale or deletion of California residents’ personal information, residents have the right to be notified of any financial incentives offers and their material terms, the right not be included in such offers without prior informed opt-in consent, and the right to be able to opt-out of such offers at any time. Businesses may not offer unjust, unreasonable, coercive, or usurious financial incentives. We do not offer any incentives.
California Privacy Rights under California’s Shine-the-Light Law
Under California’s “Shine the Light” law (Cal. Civ. Code § 1798.83), California residents who provide us certain personal information are entitled to request and obtain from us information about the personal information (if any) we have shared with third parties for their own direct marketing (see MSCI’s main privacy notice) use. Such requests may be made once per calendar year for information about any relevant third party sharing in the prior calendar year. California residents who would like to make such a request may submit a request in writing by emailing us at firstname.lastname@example.org. The request should attest to the fact that the requester is a California resident, and provide a current California address.
ADDITIONAL PRIVACY INFORMATION FOR RESIDENTS OF SOUTH AFRICA
This Notice provides information for residents of South Africa, in accordance with the requirements of the Protection of Personal Information Act (“POPIA”). Generally, MSCI is the “responsible party” of any personal information that you provide to us and addition to the information detailed in our Privacy Notice. POPIA requires that we provide an identifiable, natural person, and where applicable, an identifiable, existing juristic person (data subject) with certain rights.
The Promotion of Access to Information Act, No 2 of 2000 (PAIA) gave effect to the constitutional right of access to any information held be the state and by another person and that is required for the exercise or protection of any rights. In terms of Section 51 of PAIA, all private bodies are required to compile an information manual. This PAIA Manual was prepared in accordance with Section 51 of PAIA and POPIA.
Rights for Residents’ of South Africa
A data subject has the right to have its personal information processed in accordance with the conditions for the lawful processing of personal information, including:
- Right to be Notified that personal information is being collected; or where personal information has been accessed or acquired by an unauthorized person.
You are entitled to:
- the Right to Request Access to personal information
- You are entitled to establish whether a responsible party holds your personal information and to request access to your personal information.
- Right to Request, where necessary, the correction, destruction, or deletion of personal information
- You are entitled to have any inadequate, incomplete, or incorrect personal information corrected.
- You are entitled to have your personal information erased under specific circumstances, such as where you have withdrawn your consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds, or where personal information is unlawfully processed.
- Right to Object, on reasonable grounds relating to the processing of your personal information
- You are entitled to object if processing does not occur in the prescribed manner, on reasonable grounds, unless legislation provides for such processing;
If you object, we must stop that processing unless we can demonstrate legal grounds for the processing that override your interests, rights and freedoms, or we need to process the personal information for the establishment, exercise or defence of legal claims. We will consider each case on an individual basis.
- You are entitled to object to the processing of personal information for the purposes of direct marketing, and not to have personal information processed for purposes of direct marketing by means of unsolicited electronic communications
- You are entitled to object if processing does not occur in the prescribed manner, on reasonable grounds, unless legislation provides for such processing;
- Right not to be subject, under certain circumstances, to a decision which is based solely on the automated processing of personal information
- You have the right not to be subject, under certain circumstances, to a decision which is based solely based on the automated processing your personal information intended to provide a proﬁle. Please note, we do not use your personal information for automated decision making, including profiling.
Submitting Requests: Requests to correct, delete, destroy or for a copy, and/or to object may be submitted by completing the web form available at https://www.msci.com/DSR-external-form. We will respond to verifiable requests from residents of South Africa as required by law.
ADDITIONAL PRIVACY INFORMATION FOR RESIDENTS OF BRAZIL
This notice provides certain additional information about how MSCI uses and treats personal information, specifically with respect to the General Data Protection Law (“LGPD”) of Brazil.
The data we collect, and the purposes of use, are further set forth below. If your personal information is processed in Brazil, please note the following additional rights with respect to the LGPD:
Sharing of Personal Information
We do not disclose, sell or make available your personal information outside the scope of the purposes described in this Privacy Notice or in disaccord with applicable legislation.
We maintain necessary security procedures and measures in treating the data obtained and shared, according to the requirements of applicable law.
In view of the possibility of operating in multiple countries and the possibility of computer systems with global scope, including cloud data storage services, we or related third parties can store and treat personal information in other countries. you are aware that your personal information may be stored and processed in different countries, and that other analytic tracking technologies or cookies can be applied, as described in this Privacy Notice.
We will take the measures necessary so that your personal information receive an adequate level of protection, as required by applicable law, so that this transfer shall observe the LGPD, either through the use of the standard contractual clauses required by applicable law or by means of other safeguards, as applicable. After you provide us with your personal information, we may transfer, transmit and/or forward your personal information to other jurisdictions. We adopt appropriate measures for adequate protection of the right to privacy of our Users with respect to the personal information we transfer outside the country of origin, according to applicable legislation.
In the absence of specific or complementary regulation on the theme from the competent authority under the LFPD (in this case, the National Authority of Data Protection), we can utilize model clauses and rely on models or instructions utilized in European regulations.
Retention of Data and Duration of Treatment
We will store the personal information only for the time legally required or as necessary to realize the purposes mentioned in this Privacy Notice, in conformity with the determinations of any applicable legislation, and as further set forth below.
Your LGPD Rights
As a data owner, you have various rights as specified in applicable law, including specifically the rights contained in Article 18 of the LGPD, and in accordance with the time frames and under the terms indicated in applicable regulations, to the extent fitting and upon your request:
- Right of Confirmation and Access: Confirmation of the existence of treatment and access to your data, including about the public and private entities with which we engage in shared use of your data.
- Right of Correction: Correction of incomplete, inaccurate or outdated data, so that you can update, correct or delete personal information by into contact with us. We recommend that you seek to update or correct your personal information whenever necessary.
- Right of Elimination: It is possible to request anonymization, blocking or elimination of personal information if they are unnecessary, excessive or treated outside of conformity with the LGPD.
- Rights Associated with Consent: If the treatment is based on your consent, you have the right not to supply or to revoke such consent. However, in this case, you may only have limited access to the Website and its content, because we are unable to assure continuity of use. You also have the right to solicit elimination of personal information treated with consent, as permitted by applicable law.
- Right of Review: You have the right to solicit review of decisions made solely based on automated treatment of personal information that affect your interests, including decisions intended to define your personal and professional profile or aspects of your personhood (if any).
- Right of Data Portability: You can exercise your right to transfer your personal information to another controller, by express requisition and observing our trade and industrial secrets, according to the regulations of the National Authority of Data Protection and applicable legislation.
- Other Rights: To the extent we base treatment on other hypotheses than your consent to use your personal information, you have the right to oppose such use in violation of applicable law. You also have the right to receive certain information about the third parties with which we engage in shared use of your personal information, besides the right to complain to the competent authorities.
Submitting Requests: If you wish to exercise any of the foregoing rights or correct your personal information, please submit your request to us by completing the web form available at https://www.msci.com/DSR-external-form.
Information you provide
Information you provide
You may provide us with personal information when you communicate with us. You are responsible for providing us with accurate, complete and up-to-date information on a lawful basis.
Information you provide through day-to-day interaction with us: You may provide us with personal information through day-to-day interactions, including in-person or through various communications technologies, as necessary to develop or support our business relationship. Such relationships may include employees and other personnel of our clients and prospects, directors, Vendors, consultants, and other professional advisors. Personal Information here typically consists of business contact details but could include other information appropriate to the business relationship. For example, Vendors who are individuals may also provide payment details and professional qualifications.
Information you provide through our Website: You may provide us with personal information whenever you fill out a form on our Website, for example, to ask us a question, or request that we contact you about our products and services, research or events; to subscribe to our marketing, careers or investor relations emails; to download content; to register for events; or to submit a website form to us for any other reason (including, for example, to exercise privacy rights where they apply). The information that you provide to us may include your contact details, and any other information collected on the form to allow us to fulfil the request.
Information you provide as an employee of a client, through our products or through our client support portals: When you log in to use our products or into our client support portal, you provide us with your name, email address, username and password, and we log your product use. Your login credentials may have been created by you or assigned to you either by MSCI or your firm with whom we have a direct contractual relationship.
Information you provide in connection with a job search: When you apply for a job through our career portal, we collect your username and password, contact details and resume/CV. If you apply through a social media platform (e.g., LinkedIn), then depending on the platform you use, we will receive either the information contained in your online profile or the resume/CV that you submit. We also collect information that you provide to us at job fairs and during the interview process. We may also collect information related to your citizenship or immigration status to verify your eligibility for a position being open in a certain country. Finally, we may require a background check as a condition of employment, where required or permitted by the applicable law of your jurisdiction. Background checks may include credit reports and criminal records, and references in relation to recruitment for specific roles.
Information you provide in connection with a job application: In certain instances, we request equal opportunities monitoring information for reporting purposes or internal diversity and inclusion purposes. In these instances, we rely on consent or legitimate interests or employment law processing grounds. We will provide further information at the time this information is requested from you.
Information we receive from other sources
Information from public sources: We collect information from the public domain about individuals who work at companies with whom we are seeking to build a business relationship, for purposes of generating leads. In some cases, and where permitted by law, we use third party services that perform these online searches for us. This information typically consists of business contact details.
As part of our recruitment process, we collect information from the public domain that individuals post on professional networking sites and job boards (e.g., LinkedIn).
Additionally, as part of the production of our ESG products, we collect and publish information from the public domain (e.g., public filings, Websites, press releases, etc.), which may include information about the officers, directors and other senior managers of corporations that are the subject of our ESG ratings and reports. In the limited circumstances where we believe it to be reasonably justified in order to comply with any transparency and record keeping obligations, we rely on relevant exemptions provided under the GDPR in relation to such processing for a special purpose.
In relation to the calculation and maintenance of our equity indexes, we collect and use information from public sources about company shareholding and ownership.
Information from our employees: In furtherance of our employment relationship with our employees, our employee benefit plans and our legal, regulatory and compliance requirements, employees may provide personal information about their spouses/domestic partners, emergency contacts, dependents and other family members. Depending on the purpose, this information may include, for example, name, contact information, age, date of birth, relationship to the employee, gender, account information and social security number or other government issued identifier. This information may pertain to dependent children under the age of 16.
Information from our clients and other third parties: We receive information from our clients and prospects about their personnel for purposes of enabling access to our products, client support portal or other communications portals, and managing our business relationship. This information typically consists of business contact details and login credentials for our products, client support portal or other communications portals.
Clients sometimes include limited personal information in submissions to us, although we do not require such information for our products. We discard or limit internal access to this information, and if used, we seek to anonymize.
Information we collect automatically
- your domain;
- your IP address;
- your date, time and duration of your visit;
- your browser type;
- your operating system;
- your page visits;
- information from third parties;
- other information about your computer or device; and
- Internet traffic.
Email Engagement of Clients and Prospects
We may use web beacons (also known as web bugs, pixel tags or clear GIFs) allowing us to receive interaction information about clients and prospects (opening of emails, clicking of links and associated actions).
Our emails may include links to open attachments, visit pages on our Website, download content, launch surveys or take other actions. If you are in our client or prospect contact database, or have previously interacted with us online, then metadata in these links may enable us to identify you as the person clicking the link.
MSCI Product Usage Statistics
Where available, we collect aggregated and individually identifiable product usage data, which includes product type, login date/time, pages and features used, client accounts viewed, reports generated and other similar product metrics.
Office Visitor Use of MSCI Guest Wi-Fi
If you visit our offices and use our guest Wi-Fi, we automatically collect information about your mobile device, including IP and MAC address, and store / log your online activities. Use of our Wi-Fi is subject to our Wi-Fi Acceptable Use Policy, which you must accept to connect to our guest Wi-Fi.
We employ video surveillance (CCTV), for purposes of office access, safety and security.
Use of personal information
How we use personal information we collect about you depends, in large part, on the purpose for which it is provided to us. The specific purposes for which we process such personal information include:
- managing our relationships with our clients and prospects, including:
- providing our products and services to our clients, prospects and others;
- using information, you submit to us online for purposes of creating leads and generating sales;
- responding to your inquiries and requests, including:
- responding to your questions about our products and services, research or events;
- adding you to our email lists, including marketing, careers and investor relations (subject to your consent, where required by applicable law);
- resolving your product or other support related issues (which in some cases may involve our use of your administrative log in credentials for client support and quality cases);
- processing, evaluating and completing transactions and requests involving the Website and content available through the Website, and more generally transactions involving MSCI's products and services, research and events; and
- providing you with other information and content you have requested;
- organizing, hosting and managing events, including without limitation, handling registrations, distributing participant lists, providing reasonable accommodations (e.g., dietary requests), and using photos / videos taken at the event on our Website and other marketing materials in relation to the event;
- operating, maintaining, developing, improving and customizing our Website, including:
- the content and features accessible on our Website;
- enabling your access to and use of restricted portions of our Website, including our products, careers site, client support site and email preferences center; and
- developing, producing, operating, and maintaining our products and services;
- improving our products and services, including through the use of client satisfaction surveys and aggregated product usage data, and using such data for research and analysis;
- managing our relationships with our Vendors;
- managing our relationships with our external advisors, board members, etc.;
- recruiting staff, including:
- managing our recruitment, work placement and internship processes, including considering applications for employment / placement and making offers; and
- evaluating candidates for future job opportunities (subject to your consent, where required by applicable law);
- managing our relationships with our employees, including:
- performing our obligations as employers;
- managing talent management and employee engagement programs;
- managing employee benefits; and
- complying with our legal and compliance requirements;
- managing visitor access to our offices / facilities, and protecting the safety and security of MSCI personnel, office visitors, and our offices / facilities;
- protecting the security, confidentiality and integrity of our Website, IT systems, hardware and networks, and information (including personal information of MSCI, its clients and prospects, Vendors, personnel and others);
- complying with applicable laws, rules and regulations, and in furtherance of our related internal policies, including compliance policies and records retention requirements;
- responding to your inquiries and requests that are based on legal rights that you may have (e.g., data access rights); and
- managing, protecting against and investigating fraud, risk exposure, claims and other liabilities, including but not limited to violations of our contract terms or laws or regulations.
We do not track your online activities across the Internet. We do not use your personal information for automated decision making, including profiling. We do not sell or rent your personal information to third parties.
If you do not provide us with your personal information or refuse to provide or withdraw consent (where applicable), we may not be able to perform some or all of the above-described actions.
Legal basis for processing
Where required by applicable data protection law our processing of your personal information will be justified on a lawful basis, such as:
- the processing is necessary to perform a contract with you, or take steps to enter into a contract at your request;
- the processing is necessary for us to comply with a relevant legal obligation;
- the processing is in our legitimate interests, and our interests are not overridden by your interests, fundamental rights or freedoms; or
- you have consented to the processing.
We process personal information on the basis of our legitimate interests, unless we are performing a contract with you (or taking steps to enter into a contract with you at your request), processing to comply with a legal obligation or relying on your consent. For example, we process personal information on the basis of our legitimate interests when operating our Website; managing our relationships with our clients, prospects and Vendors; creating leads and generating sales; managing product and client support logins; IT systems monitoring and network security; building security and safety; and managing our compliance policies/legal/regulatory obligations.
Disclosure of personal information
MSCI is a multinational corporation, with offices around the globe. We share data internally among our corporate affiliates and business units in the ordinary course of our daily operations. For a current listing of our global offices, please visit the Contact Us page of our Website at https://www.msci.com/contact-us.
We share personal information with our Vendors (or our Vendors may collect personal information directly on our behalf), in connection with their performance of services for us. For example, our Vendors assist us in conducting and managing our business; fulfilling our obligations under our agreements; managing our Website, and the content and features available on our Website; managing, providing and improving our products, research, services and client support; providing information to you and responding to your requests. Our Vendors process personal information in accordance with our instructions and are subject to appropriate contractual restrictions and security and confidentiality obligations while MSCI remains liable for the personal information shared with its vendors where MSCI is a controller. Generally, the countries in which our service providers are located are the same counties in which we operate.
If you work for a client, we may provide information about your product usage to your firm with whom we have a direct contractual relationship.
If you attend our events, we may share your name in our participant list/brochure, and we may include photographs/videos taken of you at the event on our Website and in our marketing materials.
We may be required to disclose your personal information to comply with any applicable legal or regulatory requirements, or where we believe that the disclosure will further an investigation of suspected or actual illegal activities; to enforce our legal rights; or if we believe it is reasonably necessary to prevent harm or loss.
We may share your personal information with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, including through mergers and acquisitions, changes of control or divestitures, or in connection with bankruptcy or insolvency, in which case personal information held by us about our users may be one of the transferred assets. Where appropriate, we will take reasonable measures to require the recipient of your personal information to treat it in accordance with this Privacy Notice. MSCI reserves the right to share any information that you provide which is not deemed personal information or is not otherwise subject to contractual restrictions.
MSCI maintains physical, technical and organizational safeguards designed to protect personal information against unauthorized disclosure or access, and accidental or unlawful destruction, loss or alteration. Highlights of MSCI’s information security program can be found on our Website at https://www.msci.com/information-security.
While MSCI aims to safeguard and protect your personal information from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and MSCI utilizes and maintains certain reasonable processes, systems, and technologies to do so, you acknowledge that no transmission over the Internet is completely secure or error-free, and that these processes, systems, and technologies utilized and maintained by MSCI may be subject to compromise. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control.
Retention of your personal information
While we generally aim to retain your personal information for the period during which we have a relationship with you, there are many reasons why we may need to retain your data for longer. For example, we may need to retain your personal information if the purpose for which we collected it extends beyond the term of our relationship. We may also retain your personal information for a term that corresponds to a statute of limitations, to establish, exercise or defend legal claims, or as otherwise permitted or required by law, so that in each case we have an accurate record of your dealings with us in the event of any complaints or challenges. We may also retain your personal informationfor compliance or regulatory purposes, where we are required to do so in accordance with legal, regulatory, tax and/or accounting requirements, or to support a legal or regulatory process, audits, or requests or requirements of a legal or regulatory authority or other governmental entity having authority to make the request.
The Website is not for use by children under the age of 16 years. Except as described in this Privacy Notice with respect to information that employees provide to us about their beneficiaries and dependents in connection with our employment relationship with our employees and our employee benefit plans, MSCI does not knowingly collect, store, share or use the personal information of children under 16 years. If you are under the age of 16 years, please do not provide any personal information, even if prompted by the Website to do so. If you are under the age of 16 years and you have provided personal information, please ask your parent(s) or guardian(s) to notify MSCI and MSCI will take appropriate steps to delete all such personal information.
We send our marketing emails within the US on an opt-out basis and outside of the US, we rely on opt-in consent. We offer multiple ways to manage your email subscriptions, including an online preference center, unsubscribe mechanisms, and direct client support.
Managing your subscription to our email groups
You can unsubscribe from our emails and update your communication preferences and personal information as follows:
Marketing / Client Support: You can unsubscribe from our marketing emails or update your marketing preferences at any time by clicking the “unsubscribe” or “change preferences” link provided in such emails. If you work for an existing client, you can update your marketing preferences on our client support site, located at https://support.msci.com/marketing-preferences, or by contacting our client support team directly. You can also contact our client support team to update your contact information or opt out of marketing emails at any time.
Talent Network / Careers: You can unsubscribe from our Talent Network emails at any time by clicking the “unsubscribe” link provided in such emails. In addition, if you have applied for a job but did not receive an offer of employment, we may retain your job application and personal information in order to consider you for future opportunities, subject to your consent where required by applicable law. You can contact our Talent Acquisition team to update your contact information at any time.
Investor Relations: You can unsubscribe from our investor relations emails at any time by clicking the “unsubscribe” link provided in such emails. You can also opt out and update your email preferences on our Investor Relations site.
The Website may contain links to third party sites. Since MSCI does not control nor is responsible for the privacy practices of those websites, we encourage you to review the privacy policies of these third party sites. This Privacy Notice applies solely to personal information collected by our Websites or during our business activities.
How to contact us
If you have any questions in relation to this Privacy Notice or our processing of your personal information (other than in relation to a specific information or data subjects rights request), you can contact us at either:
7 World Trade Center
250 Greenwich Street, 49th Floor
New York, NY 10007 USA
Attn: Legal Department
Ninth Floor, Ten Bishops Square, Spitalfields
London E1 6EG UK
Attn: Privacy Officer
Our external data protection officer for IPD Investment Property Databank GmbH and Barra International, LLC Niederlassung Deutschland is:
represented by Prof. Dr. Christoph Bauer
Changes to this notice
This Privacy Notice may be changed from time to time to reflect changes in our practices concerning the collection and use of personal information. Please check back frequently to see any updates or changes to this Privacy Notice.