Privacy Pledge Intro

Privacy notice

Last modified: December 9, 2024

Protecting the confidentiality and security of personal information is integral to the way in which MSCI Inc. and its affiliates ("MSCI", “us” or “we”) conduct business worldwide.

Generally, MSCI is the “controller” of any personal information that you provide to us, and this Privacy Notice is intended to cover certain notice requirements when we determine the purpose and means of processing such personal information in the regions in which we operate. Where additional provisions required by local legislation apply, we have addressed those provisions in separate expanders below.

This Privacy Notice, our Cookie Notice and other legal notices listed on this website (www.msci.com)  (together, with all sub-domains and other websites that we own or operate "Website") explain our collection, use and disclosure of personal information collected in the course of our business activities.

This Privacy Notice does not apply to information collected, stored, shared, or distributed by third party sites. This Privacy Notice does not apply to our employees, who are covered by our internal notices, policies and procedures.

Please read this Privacy Notice carefully. The summary immediately below describes only highlights, and we encourage you to read this Privacy Notice completely.
 

Summary

MSCI is a multinational corporation, with offices around the world. MSCI’s clients and prospects are companies, not individuals or consumers. MSCI’s vendors, service providers and consultants (together “Vendors”) are typically companies but on occasion may be individuals.

We process personal information that comes from three sources: information you provide, information we receive from other sources, and information collected automatically.

The first category, information you provide, includes information that you provide through our website, through our products or through our client support portals, through day-to-day interaction with us, in connection with a job search, and as a visitor to our offices.

The second category, information we receive from other sources, includes information from public sources, information from our employees, and information from our clients.

The last category, information we collect automatically, includes information collected when you visit our website or use our IT systems/networks.

Where required by applicable data protection law, our processing of your personal information will be justified on a lawful basis. We do not sell or rent your personal information to third parties. We share data internally among our corporate affiliates and business units in the ordinary course of our daily operations. We share personal information with our Vendors in connection with their performance of services for us, in accordance with our instructions, and subject to appropriate contractual restrictions and security and confidentiality obligations. We may be required to disclose your personal information for legal/regulatory/compliance purposes or in connection with an investigation, or if we believe it is reasonably necessary to prevent harm or loss. We may also share your personal information in connection with certain corporate events.

MSCI maintains and applies consistent physical, electronic and procedural safeguards that aim to protect personal information against loss, misuse, damage or modification and unauthorized access or disclosure.

Highlights of MSCI’s information security program can be found on our website at https://www.msci.com/information-security.

We send our marketing emails within the US on an opt-out basis and outside of the US, we rely on opt-in consent.

If you have legislative access or similar legal rights in your jurisdiction with respect to your personal information, and you wish to exercise any such rights as further identified in this Privacy Notice, you can submit your request to us by completing the web form available at https://www.msci.com/DSR-external-form.

Please note that a fee may be charged where laws permit. Please do not use these web forms to manage your subscriptions to our email groups. Instead, please follow the instructions below. Please do not use this form if you work for a current client or Vendor or prospective client or Vendor of MSCI and wish to have your business contact information updated. You can update that information by contacting your local MSCI representative directly. If you are a current MSCI employee, please use the appropriate internal resources provided.


EU/EEA/UK/SWITZERLAND specific GDPR rights

ADDITIONAL PRIVACY INFORMATION FOR CALIFORNIA RESIDENTS

ADDITIONAL PRIVACY INFORMATION FOR RESIDENTS OF SOUTH AFRICA

ADDITIONAL PRIVACY INFORMATION FOR RESIDENTS OF BRAZIL

Information you provide

 

Information you provide

You may provide us with personal information when you communicate with us. You are responsible for providing us with accurate, complete and up-to-date information on a lawful basis.

Information you provide through day-to-day interaction with us: You may provide us with personal information through day-to-day interactions, including in-person or through various communications technologies, as necessary to develop or support our business relationship. Such relationships may include employees and other personnel of our clients and prospects, directors, Vendors, consultants, and other professional advisors. Personal Information here typically consists of business contact details but could include other information appropriate to the business relationship. For example, Vendors who are individuals may also provide payment details and professional qualifications.

Information you provide through our Website: You may provide us with personal information whenever you fill out a form on our Website, for example, to ask us a question, or request that we contact you about our products and services, research or events; to subscribe to our marketing, careers or investor relations emails; to download content; to register for events; or to submit a website form to us for any other reason (including, for example, to exercise privacy rights where they apply). The information that you provide to us may include your contact details, and any other information collected on the form to allow us to fulfil the request.

Information you provide as an employee of a client, through our products or through our client support portals: When you log in to use our products or into our client support portal, you provide us with your name, email address, username and password, and we log your product use. Your login credentials may have been created by you or assigned to you either by MSCI or your firm with whom we have a direct contractual relationship.

Information you provide in connection with a job search: When you apply for a job through our career portal, we collect your username and password, contact details and resume/CV. If you apply through a social media platform (e.g., LinkedIn), then depending on the platform you use, we will receive either the information contained in your online profile or the resume/CV that you submit. We also collect information that you provide to us at job fairs and during the interview process. We may also collect information related to your citizenship or immigration status to verify your eligibility for a position being open in a certain country. Finally, we may require a background check as a condition of employment, where required or permitted by the applicable law of your jurisdiction. Background checks may include credit reports and criminal records, and references in relation to recruitment for specific roles.

Information you provide in connection with a job application: In certain instances, we request equal opportunities monitoring information for reporting purposes or internal diversity and inclusion purposes. In these instances, we rely on consent or legitimate interests or employment law processing grounds. We will provide further information at the time this information is requested from you.

Information we receive from other sources

Information from public sources: We collect information from the public domain about individuals who work at companies with whom we are seeking to build a business relationship, for purposes of generating leads. In some cases, and where permitted by law, we use third party services that perform these online searches for us. This information typically consists of business contact details.

As part of our recruitment process, we collect information from the public domain that individuals post on professional networking sites and job boards (e.g., LinkedIn).

Additionally, as part of the production of our ESG and Real Assets products, we collect and publish information from the public domain (e.g., public filings, Websites, press releases, etc.), which may include information about the officers, directors and other senior managers of corporations that are referenced within our products, are the subject of our ESG ratings and reports. In the limited circumstances where we believe it to be reasonably justified in order to comply with any transparency and record keeping obligations, we rely on relevant exemptions provided under the GDPR in relation to such processing for a special purpose.

In relation to the calculation and maintenance of our equity indexes, we collect and use information from public sources about company shareholding and ownership.

Information from our employees: In furtherance of our employment relationship with our employees, our employee benefit plans and our legal, regulatory and compliance requirements, employees may provide personal information about their spouses/domestic partners, emergency contacts, dependents and other family members. Depending on the purpose, this information may include, for example, name, contact information, age, date of birth, relationship to the employee, gender, account information and social security number or other government issued identifier. This information may pertain to dependent children under the age of 16.

Information from our clients and other third parties: We receive information from our clients and prospects about their personnel for purposes of enabling access to our products, client support portal or other communications portals, and managing our business relationship. This information typically consists of business contact details and login credentials for our products, client support portal or other communications portals.

Clients sometimes include limited personal information in submissions to us, although we do not require such information for our products. We discard or limit internal access to this information, and if used, we seek to anonymize.
 

Information we collect automatically

Cookies

We use cookies to automatically collect information about you when you visit and take action on our Website, which may in some cases constitute personal information under applicable data protection law, including but not limited to:

  • your domain;
  • your IP address;
  • your date, time and duration of your visit;
  • your browser type;
  • your operating system;
  • your page visits;
  • information from third parties;
  • other information about your computer or device; and
  • Internet traffic.

Detailed information about our use of cookies can be found in our Cookie Notice at https://www.msci.com/cookie-policy.

Email Engagement of Clients and Prospects

We may use web beacons (also known as web bugs, pixel tags or clear GIFs) allowing us to receive interaction information about clients and prospects (opening of emails, clicking of links and associated actions).

Our emails may include links to open attachments, visit pages on our Website, download content, launch surveys or take other actions. If you are in our client or prospect contact database, or have previously interacted with us online, then metadata in these links may enable us to identify you as the person clicking the link.

MSCI Product Usage Statistics

Where available, we collect aggregated and individually identifiable product usage data, which includes product type, login date/time, pages and features used, client accounts viewed, reports generated and other similar product metrics.

Office Visitor Use of MSCI Guest Wi-Fi

If you visit our offices and use our guest Wi-Fi, we automatically collect information about your mobile device, including IP and MAC address, and store / log your online activities. Use of our Wi-Fi is subject to our Wi-Fi Acceptable Use Policy, which you must accept to connect to our guest Wi-Fi.

Video Monitoring

We employ video surveillance (CCTV), for purposes of office access, safety and security.
 

Use of personal information

How we use personal information we collect about you depends, in large part, on the purpose for which it is provided to us. The specific purposes for which we process such personal information include:

  • managing our relationships with our clients and prospects, including:
    • providing our products and services to our clients, prospects and others;
    • using information, you submit to us online for purposes of creating leads and generating sales;
    • correlating data in our CRM systems about our clients’ and prospects’ personnel with Website data, including product and client support site login data, for purposes of creating leads and generating sales, which we may perform through the use of cookies that enable us to monitor and analyze Website login data, usage and trends;
    • responding to your inquiries and requests, including:
      • responding to your questions about our products and services, research or events;
      • adding you to our email lists, including marketing, careers and investor relations (subject to your consent, where required by applicable law);
      • resolving your product or other support related issues (which in some cases may involve our use of your administrative log in credentials for client support and quality cases);
      • processing, evaluating and completing transactions and requests involving the Website and content available through the Website, and more generally transactions involving MSCI's products and services, research and events; and
      • providing you with other information and content you have requested;
  • organizing, hosting and managing events, including without limitation, handling registrations, distributing participant lists, providing reasonable accommodations (e.g., dietary requests), and using photos / videos taken at the event on our Website and other marketing materials in relation to the event;
  • operating, maintaining, developing, improving and customizing our Website, including:
    • the content and features accessible on our Website;
    • enabling your access to and use of restricted portions of our Website, including our products, careers site, client support site and email preferences center; and
    • logging, understanding and analyzing your use of our Website, for the purpose of improving our Website (and content and features on our Website) and your experience on our Website, which we may perform through the use of cookies that enable us to monitor and analyze Website login data, usage and trends;
  • developing, producing, operating, and maintaining our products and services provided, we generally do not seek or require personal information for use within our products and services;
  • improving our products and services, including through the use of client satisfaction surveys and aggregated product usage data, and using such data for research and analysis;
  • managing our relationships with our Vendors;
  • managing our relationships with our external advisors, board members, etc.;
  • recruiting staff, including:
    • managing our recruitment, work placement and internship processes, including considering applications for employment / placement and making offers; and
    • evaluating candidates for future job opportunities (subject to your consent, where required by applicable law);
  • managing our relationships with our employees, including:
    • performing our obligations as employers;
    • managing talent management and employee engagement programs;
    • managing employee benefits; and
    • complying with our legal and compliance requirements;
  • managing visitor access to our offices / facilities, and protecting the safety and security of MSCI personnel, office visitors, and our offices / facilities;
  • protecting the security, confidentiality and integrity of our Website, IT systems, hardware and networks, and information (including personal information of MSCI, its clients and prospects, Vendors, personnel and others);
  • complying with applicable laws, rules and regulations, and in furtherance of our related internal policies, including compliance policies and records retention requirements;
  • responding to your inquiries and requests that are based on legal rights that you may have (e.g., data access rights); and
  • managing, protecting against and investigating fraud, risk exposure, claims and other liabilities, including but not limited to violations of our contract terms or laws or regulations.

We do not track your online activities across the Internet. We do not use your personal information for automated decision making, including profiling. We do not sell or rent your personal information to third parties.

If you do not provide us with your personal information or refuse to provide or withdraw consent (where applicable), we may not be able to perform some or all of the above-described actions.
 

Legal basis for processing

Where required by applicable data protection law our processing of your personal information will be justified on a lawful basis, such as:

  • the processing is necessary to perform a contract with you, or take steps to enter into a contract at your request;
  • the processing is necessary for us to comply with a relevant legal obligation;
  • the processing is in our legitimate interests, and our interests are not overridden by your interests, fundamental rights or freedoms; or
  • you have consented to the processing.

We process personal information on the basis of our legitimate interests, unless we are performing a contract with you (or taking steps to enter into a contract with you at your request), processing to comply with a legal obligation or relying on your consent. For example, we process personal information on the basis of our legitimate interests when operating our Website; managing our relationships with our clients, prospects and Vendors; creating leads and generating sales; managing product and client support logins; IT systems monitoring and network security; building security and safety; and managing our compliance policies/legal/regulatory obligations.

We process personal information on the basis of consent only with respect to email marketing, events registration (including reasonable accommodations (e.g., dietary requests)), use of cookies, use of photos/videos, and retention of job application data for future consideration. Please see “Marketing Emails”, below, to read about how we obtain consent for marketing emails.
 

Disclosure of personal information

MSCI is a multinational corporation, with offices around the globe. We share data internally among our corporate affiliates and business units in the ordinary course of our daily operations. For a current listing of our global offices, please visit the Contact Us page of our Website at https://www.msci.com/contact-us.

We share personal information with our Vendors (or our Vendors may collect personal information directly on our behalf), in connection with their performance of services for us. For example, our Vendors assist us in conducting and managing our business; fulfilling our obligations under our agreements; managing our Website, and the content and features available on our Website; managing, providing and improving our products, research, services and client support; providing information to you and responding to your requests. Our Vendors process personal information in accordance with our instructions and are subject to appropriate contractual restrictions and security and confidentiality obligations while MSCI remains liable for the personal information shared with its vendors where MSCI is a controller. Generally, the countries in which our service providers are located are the same counties in which we operate.

If you work for a client, we may provide information about your product usage to your firm with whom we have a direct contractual relationship.

If you attend our events, we may share your name in our participant list/brochure, and we may include photographs/videos taken of you at the event on our Website and in our marketing materials.

We may be required to disclose your personal information to comply with any applicable legal or regulatory requirements, or where we believe that the disclosure will further an investigation of suspected or actual illegal activities; to enforce our legal rights; or if we believe it is reasonably necessary to prevent harm or loss.

We may share your personal information with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, including through mergers and acquisitions, changes of control or divestitures, or in connection with bankruptcy or insolvency, in which case personal information held by us about our users may be one of the transferred assets. Where appropriate, we will take reasonable measures to require the recipient of your personal information to treat it in accordance with this Privacy Notice. MSCI reserves the right to share any information that you provide which is not deemed personal information or is not otherwise subject to contractual restrictions.
 

Security

MSCI maintains physical, technical and organizational safeguards designed to protect personal information against unauthorized disclosure or access, and accidental or unlawful destruction, loss or alteration. Highlights of MSCI’s information security program can be found on our Website at https://www.msci.com/information-security.

While MSCI aims to safeguard and protect your personal information from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and MSCI utilizes and maintains certain reasonable processes, systems, and technologies to do so, you acknowledge that no transmission over the Internet is completely secure or error-free, and that these processes, systems, and technologies utilized and maintained by MSCI may be subject to compromise. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control.
 

Retention of your personal information

While we generally aim to retain your personal information for the period during which we have a relationship with you, there are many reasons why we may need to retain your data for longer. For example, we may need to retain your personal information if the purpose for which we collected it extends beyond the term of our relationship. We may also retain your personal information for a term that corresponds to a statute of limitations, to establish, exercise or defend legal claims, or as otherwise permitted or required by law, so that in each case we have an accurate record of your dealings with us in the event of any complaints or challenges. We may also retain your personal informationfor compliance or regulatory purposes, where we are required to do so in accordance with legal, regulatory, tax and/or accounting requirements, or to support a legal or regulatory process, audits, or requests or requirements of a legal or regulatory authority or other governmental entity having authority to make the request.
 

Children

The Website is not for use by children under the age of 16 years. Except as described in this Privacy Notice with respect to information that employees provide to us about their beneficiaries and dependents in connection with our employment relationship with our employees and our employee benefit plans, MSCI does not knowingly collect, store, share or use the personal information of children under 16 years. If you are under the age of 16 years, please do not provide any personal information, even if prompted by the Website to do so. If you are under the age of 16 years and you have provided personal information, please ask your parent(s) or guardian(s) to notify MSCI and MSCI will take appropriate steps to delete all such personal information.
 

Marketing emails

We send our marketing emails within the US on an opt-out basis and outside of the US, we rely on opt-in consent. We offer multiple ways to manage your email subscriptions, including an online preference center, unsubscribe mechanisms, and direct client support.
 

Managing your subscription to our email groups

You can unsubscribe from our emails and update your communication preferences and personal information as follows:

Marketing / Client Support: You can unsubscribe from our marketing emails or update your marketing preferences at any time by clicking the “unsubscribe” or “change preferences” link provided in such emails. If you work for an existing client, you can update your marketing preferences on our client support site, located at https://support.msci.com/marketing-preferences, or by contacting our client support team directly. You can also contact our client support team to update your contact information or opt out of marketing emails at any time.

Talent Network / Careers: You can unsubscribe from our Talent Network emails at any time by clicking the “unsubscribe” link provided in such emails. In addition, if you have applied for a job but did not receive an offer of employment, we may retain your job application and personal information in order to consider you for future opportunities, subject to your consent where required by applicable law. You can contact our Talent Acquisition team to update your contact information at any time.

Investor Relations: You can unsubscribe from our investor relations emails at any time by clicking the “unsubscribe” link provided in such emails. You can also opt out and update your email preferences on our Investor Relations site.
 

External links

The Website may contain links to third party sites. Since MSCI does not control nor is responsible for the privacy practices of those websites, we encourage you to review the privacy policies of these third party sites. This Privacy Notice applies solely to personal information collected by our Websites or during our business activities.
 

How to contact us

If you have any questions in relation to this Privacy Notice or our processing of your personal information (other than in relation to a specific information or data subjects rights request), you can contact us at either:

MSCI Inc.
7 World Trade Center
250 Greenwich Street, 49th Floor
New York, NY 10007 USA
Attn: Legal Department
Email: privacy@msci.com

-OR-

MSCI Limited
Ninth Floor, Ten Bishops Square, Spitalfields
London E1 6EG UK
Attn: Privacy Officer
Email: privacy@msci.com 

Changes to this notice

This Privacy Notice may be changed from time to time to reflect changes in our practices concerning the collection and use of personal information. Please check back frequently to see any updates or changes to this Privacy Notice.


Copyright - MSCI ESG Ratings and Research Private Limited 

© 2024 MSCI Inc. All rights reserved.