Privacy policy

GRI takes the privacy of all participants in its global network seriously. We’re committed to protecting and respecting your privacy and this policy explains when and why we collect personal information about people who contact us or visit our website, how we use it, where we store it and whether we disclose it to others.

How do we collect information from you?

We obtain information about you when you correspond with GRI, become a member of one of our governing bodies or networks, share your contact details with a member of GRI over e-mail, at a meeting or event, when you visit our website or if you register to receive our newsletters or a service.

What information is being collected?

The personal information we collect includes your name, e-mail address, the organization you work for, country and your role title. We process your personal data in our contact relationship management (CRM) system. 

Accessing resources on GRI’s website often means registering as a user. Users access services like online newsletters, GRI Services and Products, discussion forums, report registration, E-shop purchases, and specialized information sources.

Users give contact information - such as name, email address and country - and choose a username and password. This information ensures that users get the services they request. In some instances we ask users for their information when accessing our offerings, for example when downloading a GRI Standard.  User information collected in this way is used to inform our current and future products and better understand market demands.

GRI does not share user information with third parties or contact users for any reason other than to provide the information or services requested. Registration is free of charge.

We also use anonymized data to understand how visitors to our websites are using the sites.  See the Website Analytics area below for more detail.

Information collection related to GRI Standards public consultation

The Global Sustainability Standards Board (GSSB) is authorized by its Terms of Reference to develop and issue the GRI Sustainability Reporting Standards and related Interpretations. These documents are to be developed and issued in the public interest and according to due process.

The GSSB Due Process Protocol asks for public consultation of the exposures drafts and states that Comments made by respondents to an exposure draft are a matter of public record and are posted on the GSSB website after the end of the exposure period.

Should you choose to participate in these types of consultations all comments and selected personal details – name, country, constituency group and, if submitting comments on behalf of the organization, the organization’s name - will be on public record.

Information collection related to purchases and transactions

Additional information is requested when ordering GRI products, services, signing-up as a GRI Community member or registering for events, such as:

  • financial information (such as credit card number, expiry date) for billing purposes. For secure credit card transactions, we use an intermediary, Buckaroo, to process card details through a secure connection. Buckaroo returns the transaction status and the name of the card holder to us. We do not receive the credit card number. Buckaroo does not retain, share, store or use personally identifiable information for any secondary purposes.
  • billing and shipping address. This information is used for billing purposes and to ship orders. If necessary, GRI uses the information to contact customers while processing an order.
  • student ID/registration. This information is used to verify the eligibility to receiving the Reports List free of charge.  
  • photo of government-issued identification document/video recording of a candidate's exam attempt. This information is collected by the Service Provider of the proctoring solution for the GRI Standards Exam. It is stored by the Service Provider for three months. 

How is information used?

We may use your information to:

  • carry out our obligations arising from any contracts entered into
  • apply with applicable laws
  • seek your views or comments on the activities we undertake
  • send you communications which you have requested and that may be of interest to you. These may include information about our activities, networks, events, or other campaigns and promotions
  • clarify your response to a Standards consultation or inform you that a consultation process is about to close
  • facilitate networking at GRI events. We may distribute the list of registrations to participants; in such cases, authorization is requested on the registration form or via subsequent communications.
  • process a job application. Personal information supplied to GRI during a recruitment process will only be used for the purpose of recruitment, will be stored securely and will be destroyed within the appropriate timescales if an applicant is not successful.
  • help us improve engagement and user journeys on our websites.

The retention periods for personal information are monitored on a regular basis. We are legally obliged to hold some types of information and we will only keep your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

With whom do we share your information?

We will never sell your personal information to third parties without your consent.

We may share your information, from time to time, with trusted third-party service providers we work with for the purposes of undertaking operational activities such as sending newsletters, organizing or hosting our events, or if we are under a duty to disclose or share your personal data to comply with any legal obligations.

Your communication choices

How do you opt out of receiving mailings from GRI?

We will only send you emails if you have given us permission to contact you about GRI’s work. We do not send out random, untargeted emails (spam). Any emails we send you will enable you to opt-out of receiving further emails from us.


How you can access your information?

You have the right to know what information we hold about you. Please contact us via e-mail at GDPR@globalreporting.org. We may charge a small fee to cover the administrative costs associated with this.


How you can update your information?

The accuracy of your personal information is important to us. If any of your details have changed, please let us know via e-mail to GDPR@globalreporting.org.

Cookies, log files and links

For information on Cookies managed by GRI website visit our page here.

To make changes to your Cookie Consent vist our cookie declaration page here.

Website analytics

We obtain information about you when you correspond with GRI, become a member of one of our governing bodies or networks, share your contact details with a member of GRI over e-mail, at a meeting or event, when you visit our website or if you register to receive our newsletters or a service.

Contact information

If you have any questions or comments regarding GRI privacy policy or the processing of your personal data, please contact GDPR@globalreporting.org.

Policy version

This Policy was last updated in June 2020.