Last modified: August 30, 2018
Protecting the confidentiality and security of personal information is integral to the way in which MSCI Inc. and its affiliates ("MSCI") conduct business worldwide. Generally, MSCI is the controller of any personal information that you provide to us (and for the purposes of EU General Data Protection Regulation (“GDPR”), this Privacy Notice applies when we act as the controller of personal information).
This Privacy Notice does not apply to information collected, stored, shared, or distributed by third-party sites. This Privacy Notice does not apply to our employees, who are covered by our internal notices, policies and procedures.
Please read this Privacy Notice carefully. The summary immediately below describes only highlights, and we encourage you to read this Privacy Notice completely. By visiting our Website you acknowledge the practices described in this Privacy Notice.
MSCI is a multinational corporation, with offices around the globe. MSCI’s clients and prospects are companies, not individuals or consumers. MSCI’s vendors, service providers and consultants (together, “Vendors”) are typically companies but on occasion may be individuals.
We process personal data that comes from three sources: information you provide, information we receive from other sources, and information collected automatically.
The first category, information you provide, includes information that you provide through our Website, through our products or through our client support portals, through day-to-day interaction with us, in connection with a job search, and as a visitor to our offices. The second category, information we receive from other sources, includes information from public sources, information from our employees, and information from our clients. The last category, information we collect automatically, includes information collected when you visit our Website or use our IT systems/networks.
Where required by applicable data protection law, including the GDPR, our processing of your personal information will be justified on a lawful basis. We do not sell or rent your personal information to third parties. We share data internally among our corporate affiliates and business units in the ordinary course of our daily operations. We share personal information with our Vendors in connection with their performance of services for us, in accordance with our instructions, and subject to appropriate contractual restrictions and security and confidentiality obligations. We may be required to disclose your personal information for legal/compliance purposes or in connection with an investigation, or if we believe it is reasonably necessary to prevent harm or loss. We may also share your personal information in connection with certain corporate events.
If your personal information is transferred outside the EU/EEA/UK to other MSCI group companies or to Vendors, we will take steps to ensure that your personal information receives the same level of protection as if it remained within the EU/EEA/UK. MSCI maintains physical, electronic and procedural safeguards that aim to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Highlights of MSCI’s information security program can be found on our Website at https://www.msci.com/information-security.
We send our marketing emails within the US on an opt-out basis, in accordance with CAN-SPAM. Outside of the US, we rely on opt-in consent. We offer multiple ways to manage your email subscriptions, including an online preference center, unsubscribe mechanisms, and direct client support.
If you are a resident of the EU, you have the following rights under the GDPR (“GDPR Rights”): right of access / subject access request, right of rectification, right to erasure (the “right to be forgotten”), right to restriction processing, right to data portability, right to object to processing (including profiling) based on legitimate interests and direct marketing (including profiling), rights in relation to automated decision making and profiling, and right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged. If you wish to exercise any of your GDPR Rights, please submit your request to us by completing the web form available at https://www.msci.com/gdpr-external-form.
Information You Provide
You may provide us with personal information when you communicate with us.
Information you provide through our Website: You may provide us with personal information whenever you fill out a form on our Website, for example, to ask us a question, or request that we contact you about our products and services, research or events; to subscribe to our marketing, careers or investor relations emails; to download content; to register for events; or to submit a form based on legal rights that you may have (e.g., individual rights under GDPR). The information that you provide to us includes your contact details, and any other information collected on the form to allow us to fulfil the request.
Information you provide as a client, through our products or through our client support portals: When you log in to use our products or into our client support portal, you provide us with your username and password, and we log your product use. Your login credentials may have been created by you, or assigned to you either by MSCI or your firm with whom we have a direct contractual relationship.
Information you provide through day-to-day interaction with us: You may provide us with personal information through day-to-day interactions as necessary to support our business relationship. This information typically consists of business contact details, but could include other information appropriate to the business relationship. For example, Vendors who are individuals may also provide payment details and professional qualifications.
Information you provide in connection with a job search: When you apply for a job through our careers portal, we collect your username and password, contact details and resume/CV. If you apply through a social media platform (e.g., LinkedIn), then depending on the platform you use, we will receive either the information contained in your online profile or the resume/CV that you submit. We collect information that you provide during the interview process. Finally, we may require a background check as a condition of employment, where required or permitted by the applicable law of your jurisdiction. Background checks may include credit reports and criminal records, and references in relation to recruitment for specific roles.
Information We Receive from Other Sources
Information from public sources: We collect information from the public domain about individuals who work at companies with whom we are seeking to build a business relationship, for purposes of generating leads. In some cases and where permitted, we use third party services that perform these online searches for us. This information typically consists of business contact details.
As part of our recruitment process, we collect information from the public domain that individuals post on professional networking sites and job boards (e.g., LinkedIn).
Additionally, as part of the production of our ESG products, we collect and publish information from the public domain (e.g., public filings, websites, press releases, etc.), which may include information about the officers and directors of corporations that are the subject of our ESG ratings and reports. As part of our standard process, we ask the respective companies to forward the link to this Privacy Notice on to them.
In relation to the calculation and maintenance of our equity indexes, we collect and use information from public sources about company shareholding and ownership.
Information from our employees: In furtherance of our employment relationship with our employees, our employee benefit plans and our legal and compliance requirements, employees may provide personal information about their spouses / domestic partners, emergency contacts, dependents and other family members. Depending on the purpose, this information may include, for example, name, contact information, age / date of birth, relationship to the employee, gender, account information and social security number or other government issued identifier. This information may pertain to children under the age of 16.
Information from our clients: We receive information from our clients and prospects about their personnel for purposes of enabling access to our products and client support portal, and managing our business relationship. This information typically consists of business contact details and login credentials log in credentials for our products and client support portal.
In some our real estate products, the data submission forms that our clients submit may include limited personal information.
Information We Collect Automatically
- your domain;
- your IP address;
- your date, time and duration of your visit;
- your browser type;
- your operating system;
- your page visits;
- information from third parties;
- other information about your computer or device; and
- Internet traffic.
MSCI Product Usage Statistics
- Where available, we also collect aggregated usage data in relation to our products.
Office Visitor Use of MSCI Guest Wi-Fi
In addition, if you visit our offices and use our guest Wi-Fi, we automatically collect information about your mobile device, including IP and MAC address, and store / log your online activities. Use of our WiFi is subject to our WiFi Acceptable Use Policy, which you must accept to connect to our guest WiFi.
We employ video surveillance (CCTV), for purposes of office access, safety and security.
Use of Personal information
How we use information we collect about you depends, in large part, on the purpose for which it is provided to us. The specific purposes for which we process such personal information include:
- operating, maintaining, developing, improving and customizing our Website, including:
- the content and features accessible on our Website;
- enabling your access to and use of restricted portions of our Website, including our products, careers site, client support site and email preferences center; and
- managing our relationships with our clients and prospects, including:
- providing our products and services to our clients, prospects and others;
- using information you submit to us online for purposes of creating leads and generating sales;
- responding to your inquiries and requests, including:
- responding to your questions about our products and services, research or events;
- adding you to our email lists, including marketing, careers and investor relations (subject to your consent, where required by applicable law);
- registering you for events;
- resolving your product or other support related issues (which in some cases may involve our use of your administrative log in credentials for client support and quality cases);
- processing, evaluating and completing transactions and requests involving the Website and content available through the Website, and more generally transactions involving MSCI's products and services, research and events; and
- providing you with other information and content you have requested; and
- developing, producing, operating, and maintaining our product and services;
- improving our products and services, including through the use of client satisfaction surveys and aggregated product usage data, and using product aggregated product usage data for research and analysis;
- managing our relationships with our Vendors;
- managing our relationships with our external advisors, board members, etc.;
- recruiting staff, including:
- managing our recruitment, work placement and internship processes, including considering applications for employment / placement and making offers; and
- evaluating candidates for future job opportunities (subject to your consent, where required by applicable law);
- managing our relationships with our employees, including:
- performing our obligations as employers;
- managing talent management and employee engagement programs;
- managing employee benefits; and
- complying with our legal and compliance requirements;
- managing visitor access to our offices / facilities, and protecting the safety and security of MSCI personnel, office visitors, and our offices / facilities;
- protecting the security, confidentiality and integrity of our Website, IT systems, hardware and networks, and information (including personal information of MSCI, its clients and prospects, Vendors, personnel and others);
- complying with applicable laws, rules and regulations, and in furtherance of our related internal policies, including compliance polices and records retention requirements;
- responding to your inquiries and requests that are based on legal rights that you may have (e.g., individual rights under GDPR); and
- managing, protecting against and investigating fraud, risk exposure, claims and other liabilities, including but not limited to violations of our contract terms or laws or regulations.
We do not track your online activities across the Internet. We do not use your personal information for automated decision making, including profiling. We do not sell or rent your personal information to third parties.
Legal Basis for Processing
Where required by applicable data protection law, including the GDPR, our processing of your personal information will be justified on a lawful basis, such as:
- the processing is necessary to perform a contract with you, or take steps to enter into a contract at your request;
- the processing is necessary for us to comply with a relevant legal obligation;
- the processing is in our legitimate interests, and our interests are not overridden by your interests, fundamental rights or freedoms; or
- you have consented to the processing.
We process personal information on the basis of our legitimate interests, unless we are performing a contract with you (or taking steps to enter into a contract with you at your request), processing to comply with a legal obligation or relying on your consent. For example, we process personal information on the basis of our legitimate interests when operating our Website; managing our relationships with our clients, prospects and Vendors; creating leads and generating sales; managing product and client support logins; IT systems monitoring and network security; building security and safety; and managing our compliance policies/legal obligations.
Disclosure of personal information
MSCI is a multinational corporation, with offices around the globe. We share data internally among our corporate affiliates and business units in the ordinary course of our daily operations. For a current listing of our global offices, please visit the Contact Us page of our Website at: https://www.msci.com/contact-us.
We share personal information with our Vendors (or our Vendors may collect personal information directly on our behalf), in connection with their performance of services for us. For example, our Vendors assist us in conducting and managing our business; fulfilling our obligations under our agreements; managing our Website, and the content and features available on our Website; managing, providing and improving our products, services and client support; and providing information to you and responding to your requests. Our Vendors process personal information in accordance with our instructions, and are subject to appropriate contractual restrictions and security and confidentiality obligations. Generally, the countries in which our service providers are located are the same counties in which we operate. For a current listing of our global offices, please visit the Contact Us page of our Website at https://www.msci.com/contact-us.
We may be required to disclose your personal information to comply with any applicable legal or regulatory requirements, or where we believe that the disclosure will further an investigation of suspected or actual illegal activities; to enforce our legal rights; or if we believe it is reasonably necessary to prevent harm or loss.
We may share your personal information with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, including through mergers and acquisitions, changes of control or divestitures, or connection with bankruptcy or insolvency, in which case personal information held by us about our users may be one of the transferred assets. Where appropriate, we will take reasonable measures to require the recipient of your personal information to treat it in accordance with this Privacy Notice. MSCI reserves the right to share any information that you provide which is not deemed personal information or is not otherwise subject to contractual restrictions.
Data Transfers Outside of the EU/EEA/UK
If your personal information is transferred outside the EU/EEA/UK to other MSCI group companies or to Vendors, we will take steps to ensure that your personal information receives the same level of protection as if it remained within the EU/EEA/UK, including by entering into data transfer agreements, using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU - US Privacy Shield or other then-currently valid mechanisms for transfers. For transfers to MSCI in the US, a country that does not benefit from a adequacy decision by the European Commission, and for other transfers within the MSCI group, we have put in place European Commission approved Standard Contractual Clauses, which protect personal information transferred between MSCI entities.
If you are a resident of the EU/EEA/UK, you have a right to obtain details of the mechanism under which your personal information is transferred outside of the EU/EEA/UK by completing the web form available at https://www.msci.com/gdpr-external-form.
MSCI maintains physical, electronic and procedural safeguards that aim to protect the information against loss, misuse, damage or modification and unauthorized access or disclosure. Highlights of MSCI’s information security program can be found on our Website at https://www.msci.com/information-security.
While MSCI aims to safeguard and protect your personal information from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and MSCI utilizes and maintains certain reasonable processes, systems, and technologies to do so, you acknowledge that no transmission over the Internet is completely secure or error-free, and that these processes, systems, and technologies utilized and maintained by MSCI may be subject to compromise. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control.
Retention of your Personal Information
While we generally aim to retain your personal information for the period during which we have a relationship with you, there are many reasons why we may need to retain your data for longer. For example, we may need to retain your personal data if the purpose for which we collected it extends beyond the term of our relationship. We may also retain your personal information for a term that corresponds to a statute of limitations, to establish, exercise or defend legal claims, or as otherwise permitted or required by law, so that in each case we have an accurate record of your dealings with us in the event of any complaints or challenges. We may also retain your personal information for compliance or regulatory purposes, where we are required to do so in accordance with legal, tax and/or accounting requirements, or to support a legal process, audits, or requests or requirements of a legal authority or other governmental entity having authority to make the request.
The Website is not for use by children under the age of 16 years. Except as described in this Privacy Notice with respect to information that employees provide to us about their beneficiaries and dependents in connection with our employment relationship with our employees and our employee benefit plans, MSCI does not knowingly collect, store, share or use the personal information of children under 16 years. If you are under the age of 16 years, please do not provide any personal information, even if prompted by the Website to do so. If you are under the age of 16 years and you have provided personal information, please ask your parent(s) or guardian(s) to notify MSCI and MSCI will delete all such personal information.
We send our marketing emails within the US on an opt-out basis, in accordance with CAN-SPAM. Outside of the US, we rely on opt-in consent.
Managing your Subscription to our email Groups
You can unsubscribe from our emails and update your communication preferences and personal information as follows:
Marketing / Client Support: You can unsubscribe from our marketing emails or update your marketing preferences at any time by clicking the “unsubscribe” or “change preferences” link provided in our emails. If you are an existing client, you can update your marketing preferences on our client support site, located at https://support.msci.com/marketing-preferences, or by contacting our client support team directly. You can also contact our client support team to update your contact information or opt out of marketing emails at any time.
Talent Network / Careers: You can unsubscribe from our Talent Network emails at any time by clicking the “unsubscribe” link provided in our emails. In addition, if you have applied for a job but did not receive an offer of employment, we may retain your job application and personal information in order to consider you for future opportunities, subject to your consent where required by applicable law. You can contact our Talent Acquisition team to update your contact information at any time.
Investor Relations: You can unsubscribe from our investor relations emails at any time by clicking the “unsubscribe” link provided in our emails. You can also opt out and update your email preferences on our Investor Relations site.
EU Specific GDPR Rights
If you are a resident of the EU, you have the following rights under the GDPR (“GDPR Rights”):
Where your personal information is subject to restriction we will only process it with your consent or for the establishment, exercise or defence of legal claims.
- Right of Access / Subject Access Request: You are entitled to request confirmation that your personal information is being processed; access to your personal information; and other supplementary information that may not be included in this Privacy Notice.
- Right of Rectification: You are entitled to have any inadequate, incomplete or incorrect personal information corrected.
- Right to Erasure (the “right to be forgotten”): You are entitled to have your personal information erased under specific circumstances, such as where you have withdrawn your consent, where you object to processing based on legitimate interests and we have no overriding legitimate grounds, or where personal information is unlawfully processed.
- Right to Restriction Processing: You have the right to restrict our processing of your personal information (that is, allow only its storage) where:
- you contest the accuracy of the personal information, until we have taken sufficient steps to correct or verify its accuracy;
- where the processing is unlawful but you do not want us to erase the personal information;
- where we no longer need your personal information for the purposes of the processing, but you require such personal information for the establishment, exercise or defence of legal claims; or
- where you have objected to processing justified on legitimate interest grounds (see below), pending verification as to whether we have compelling legitimate grounds to continue processing.
- Right to Data Portability: Where we are relying (as the legal basis for processing) upon your consent, or the fact that the processing is necessary to perform a contract to which you are party or to take steps at your request prior to entering a contract, and the personal information is processed by automatic means, you have the right to receive all such personal information which you have provided Us in a structured, commonly used and machine-readable format, and also to require us to transmit it to another controller where this is technically feasible.
- Right to Object: You have the right to object to:
- Processing (including profiling) based on legitimate interest grounds: Where we are relying upon legitimate interests to process personal information, you have the right to object to that processing. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the personal information for the establishment, exercise or defence of legal claims. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
- Direct marketing (including profiling): You have the right to object to our use of your personal information (including profiling) for direct marketing purposes, such as when we use your personal information to invite you to our promotional events.
- Rights in Relation to Automated Decision Making and Profiling: We do not use your personal information for automated decision making, including profiling.
- You have a right to obtain details of the mechanism under which your personal information is transferred outside of the EU/EEA/UK by completing the web form available at https://www.msci.com/gdpr-external-form.
- You have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of your personal information infringes applicable law. A list of data protection supervisory authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
Exercising Your EU Specific GDPR Rights
If you wish to exercise any of your GDPR Rights, please submit your request to us by completing the web form available at https://www.msci.com/gdpr-external-form. Please note that a fee may be charged where laws permit. Please do not use this web form to manage your subscriptions to our email groups. Instead, please follow the instructions above.
Please do not use this form if you work for a current client or Vendor or prospective client or Vendor of MSCI and wish to have your business contact information updated. You can update that information by contacting your local MSCI representative directly.
If you are a current MSCI employee, please use the appropriate internal resources provided.
The Website may contain links to third party sites. Since MSCI does not control nor is responsible for the privacy practices of those websites, we encourage you to review the privacy policies of these third party sites. This Privacy Notice applies solely to personal information collected by our Websites or in the course of our business activities.
How to Contact Us
If you have any questions in relation to this policy (other than in relation to any GDPR Rights), you can contact us at:
7 World Trade Center
250 Greenwich Street, 49th Floor
New York, NY 10007
Attn: Privacy Officer
If you are a resident within Germany, you may contact:
|IPD Investment Property Databank GmbH |
An der Welle 5,
|Barra International, LLC Niederlassung |
An der Welle 5,
Changes to this Notice
This Privacy Notice may be changed from time to time to reflect changes in our practices concerning the collection and use of personal information. Please check back frequently to see any updates or changes to this Privacy Notice.