Privacy Policy | CSHR

Privacy Policy

Last updated: May 23, 2026

1. Who We Are and How to Contact Us

The Center for Sustainability and Human Rights, LLC ("CSHR," "we," "us," or "our") is the organization responsible for personal data collected via this website and related interactions.

For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, we act as the "controller" of personal data collected through our website and direct interactions. We have not appointed a Data Protection Officer and are not currently required by law to do so.

2. Scope of This Privacy Policy

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website, engage with our content, or communicate with us. It applies to individuals in the United States, the European Economic Area (EEA), the United Kingdom, and other locations where applicable law provides similar rights.

This Policy is intended to meet the requirements of the GDPR, the UK GDPR, and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), to the extent these laws apply to our activities.

This Policy does not create a client relationship and does not constitute legal advice.

3. Personal Data We Collect

We collect personal data in three main ways: directly from you, automatically from your device, and from limited third‑party tools you choose to use with us.

3.1 Information You Provide Directly

When you interact with us, you may provide:

  • Name
  • Business email address
  • Phone number
  • Organization name and role
  • Information contained in messages, contact forms, discovery call requests, event registrations, or other communications

For CCPA/CPRA purposes, this typically falls within the following categories: identifiers (such as name and email address) and professional or employment‑related information (such as organization and role).

3.2 Information Collected Automatically

When you visit our website, we may automatically collect:

  • IP address
  • Browser type, operating system, and device information
  • Pages viewed and links clicked
  • Referring URLs
  • Date and time of access

This information is collected through cookies, log files, and similar technologies. For CCPA/CPRA purposes, this is generally "internet or other electronic network activity information."

3.3 Information from Third‑Party Tools

If you use third‑party tools in connection with us (for example, scheduling platforms, webinar tools, or email marketing services), those tools may provide us with basic contact details or engagement information you choose to share.

We do not intentionally collect sensitive personal data (such as information about health, race, or precise geolocation) through this website.

4. Purposes and Legal Bases for Processing (EU/UK)

We process personal data only where we have a valid legal basis and for specific purposes.

4.1 Purposes of Processing

We use personal data for the following purposes:

  • To respond to inquiries and communications
  • To provide requested content, such as executive briefs, newsletters, or event information
  • To schedule and conduct discovery conversations and other meetings
  • To send updates, insights, or invitations where you have requested or consented to receive them
  • To operate, maintain, and improve our website, content, and services
  • To monitor and protect the security and integrity of our website and systems
  • To comply with legal, regulatory, or contractual obligations, and to establish, exercise, or defend legal claims

4.2 Legal Bases (EU/UK)

Where the GDPR or UK GDPR applies, our legal bases may include:

  • Consent — for newsletters, marketing communications, or other optional updates you opt in to receive. You can withdraw consent at any time.
  • Performance of a contract or steps before entering into a contract — where processing is necessary to respond to a specific request, schedule a call, or provide services you have asked for.
  • Legitimate interests — to operate our website, understand how it is used, maintain security, and carry on our advisory business in a way that does not override your rights and freedoms. We have carried out a balancing test for these activities.
  • Legal obligations — where processing is necessary to comply with applicable law (for example, tax, accounting, or regulatory requirements).

For visitors in the EEA or UK, we will generally rely on consent for non‑essential cookies and similar technologies used for analytics, and on legitimate interests for essential cookies, security, and core site functionality.

5. Cookies and Similar Technologies

We use cookies and similar technologies to help operate and analyze our website.

  • Essential cookies are necessary for basic site functionality and security. You cannot opt out of these via our cookie tools, but you can configure your browser to block them (which may affect site functionality).
  • Non‑essential cookies (e.g., analytics cookies) help us understand how visitors use our site so we can improve it.

For visitors in the EEA and UK, we will only use non‑essential cookies where you have given consent via our cookie banner or similar tools. You can withdraw consent at any time by adjusting your cookie preferences or browser settings.

You can usually set your browser to refuse cookies or alert you when cookies are being sent. If you disable cookies, some features of the website may not function properly.

6. How We Share Personal Data

We do not sell personal data and do not share personal information for cross‑context behavioral advertising as those terms are defined under the CCPA/CPRA.

We may share personal data with the following categories of recipients:

  • Service providers / processors: such as website hosting providers, email delivery services, scheduling and communication tools, and analytics or security providers who process data on our behalf.
  • Professional advisers: such as legal, accounting, or insurance providers, where reasonably necessary for our business or to protect our legal rights.
  • Authorities and legal parties: where required to comply with law, regulation, legal process, or enforceable governmental requests, or to establish, exercise, or defend legal claims.

Where we use third‑party service providers, we enter into written agreements requiring them to use personal data only as instructed, to keep it confidential, and to implement appropriate security measures.

7. International Data Transfers

We are based in the United States. If you are located outside the United States, your personal data may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your home jurisdiction.

Where EU or UK data protection law applies and we transfer personal data outside the EEA or UK, we will implement appropriate safeguards, such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum, or rely on applicable derogations where appropriate.

8. Data Retention

We retain personal data only for as long as reasonably necessary to fulfill the purposes described in this Policy, including to satisfy legal, accounting, or reporting requirements.

Indicative retention periods include:

  • General inquiries and communications: typically up to 3 years after our last interaction.
  • Business records (such as contracts, invoices, and related communications): typically up to 7 years, or longer where required by law or for legal claims.

Where you have unsubscribed from our communications, we may retain your email address on a suppression list solely to ensure we respect your choice not to be contacted.

We will securely delete or anonymize personal data when it is no longer needed for the purposes for which it was collected, subject to legal obligations.

9. Your Rights

Your privacy rights depend on where you live and applicable law.

9.1 EU/UK Residents

Under the GDPR/UK GDPR, you may have the right to:

  • Access your personal data and receive a copy
  • Request correction of inaccurate or incomplete data
  • Request deletion of your personal data in certain circumstances
  • Restrict or object to certain processing, including processing based on legitimate interests
  • Request data portability, where technically feasible
  • Withdraw consent where you have previously given it, without affecting the lawfulness of processing before withdrawal

You also have the right to lodge a complaint with your local data protection authority, in particular where you live, work, or believe a breach has occurred.

9.2 U.S. Residents (Including California)

Depending on your state, you may have rights such as:

  • The right to know what personal information we collect, use, and disclose about you
  • The right to request deletion of personal information we have collected, subject to certain exceptions
  • The right to opt out of the sale or sharing of personal information (we do not sell or share personal information as defined by CCPA/CPRA)
  • The right not to be discriminated against for exercising your privacy rights

If and when we become subject to CCPA/CPRA thresholds, we will update this Policy to include any additional required disclosures and processes.

9.3 How to Exercise Your Rights

To exercise any applicable rights, please contact us at [email protected]. We may request additional information to verify your identity and to help us respond efficiently. We will respond within the timeframes required by applicable law — usually within one month for EU/UK residents and 45 days for California residents, subject to any permitted extensions.

10. Data Security

We implement reasonable technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures may include access controls, encryption in transit, and restricted access to personal data based on business need.

No method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

11. Children's Privacy

Our website and services are not intended for individuals under the age of 18, and we do not knowingly collect personal data from children. If we learn that we have collected personal data from a child, we will take steps to delete it as soon as reasonably practicable.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements.

The "Last updated" date at the top of this Policy indicates when it was most recently revised. If we make material changes, we may provide additional notice, such as by email (if we have your contact details) or by posting a prominent notice on our website.

13. Contact Information

If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise your rights, you can contact us at:

Center for Sustainability and Human Rights, LLC
Email: [email protected]

Important Note

This Privacy Policy is provided for informational purposes and does not create a client relationship or constitute legal advice.

© 2026 Center for Sustainability and Human Rights, LLC | Last updated: May 23, 2026