Effective from: 1 November 2022
Last updated: 23 January 2023
This policy describes the information collected from you, how Textile Exchange (“Textile Exchange” or “we” or “us” or “our”) uses, discloses, and protects the information, and the rights you may have with respect to the information.
This policy applies to all members, visitors, and users (collectively, “users”, “you” or “your”) that access and use Textile Exchange services, including our websites, textileexchange.org, textilesforsdgs.org, reporting.textileexchange.org, mci.textileexchange.org, globalfibreimpact.com, textileexchange.maps.arcgis.com, reports, tools, surveys, programs, events, and other services (collectively, “Services”), and any information, text, links, graphics, photos, audio, videos, or other materials appearing on the Services (collectively, “Content”).
This policy also applies to accreditation bodies, certification bodies, and certified organizations – including facilities, subcontractors, and certified group members (collectively, “standard users”, “you” or “your”) for the processing of information obtained or created for the certification of Textile Exchange Standards (collectively, “certification information”). When capitalized, Standards refers to all Textile Exchange standards for which the standard user is authorized (e.g., the scope of certification or accreditation).
By accessing or using our Services or content or by providing your data to us via any means, you acknowledge you have read and understand this policy, agree to this policy, and consent to the collection, use, and disclosure of your data as described in this policy.
3. Policy Statements
Textile Exchange is committed to the good use and protection of the data we collect. We adhere to the following key principles in connection with the data we collect:
3.1. Textile Exchange will safeguard the privacy and interests of the users.
3.2. Textile Exchange will aggregate and anonymize the data collected for reporting purposes.
3.3. Textile Exchange will not change or alter the data collected without consent from the user.
3.4. Other than as set forth in this policy, Textile Exchange will not publish any identifiable data collected without consent from the user.
3.5. Other than as set forth in this policy, Textile Exchange will not share data collected with any third party without the consent of the user.
3.6. Textile Exchange will not sell or share any of your information for marketing purposes.
3.7. Textile Exchange does not collect sensitive personal data such as ethnicity, religion, or race.
3.8. Personal data. Textile Exchange respects the privacy of users. We are committed to acting in compliance with all applicable personal data protection laws and regulations, including the European Union’s General Data Protection Regulation (the “GDPR”) to ensure that personal data is:
• processed lawfully, fairly, and in a transparent manner
• processed for specified, explicit, and legitimate purposes and not in a manner that is incompatible with those purposes,
• adequate, relevant, and limited to what is necessary for the purposes for which it is being processed,
• accurate and, where necessary, up to date,
• not kept longer than necessary for the purposes for which it is being processed,
• processed in a secure manor by using appropriate technical and organizational means, and
• processed in a manner that complies with the rights of users and users’ personal data.
4. Information We Collect
The information that we collect from you broadly falls into five categories: personal information you give us, organizational information you give us, certification information you give as part of your certification to our Standards, the information we automatically collect when you use our Services, and information we collect from third parties.
4.1. The personal information you give us. The personal information you provide for the use of Textile Exchange Services may include:
(a) Contact information, such as your name, organization, designation or title, email address, mailing/shipping address, phone number, social links, etc.
(b) Profile information, such as photo, preferred language, biography, etc.,
(c) Payment information, such as billing address, payment card number, validity, security code, etc.
(d) Involvement information, such as services of interest, services engaged, event attendance, cases, comments, community engagement, job application, etc.
(e) Survey information, such as feedback on survey questions.
4.2. Organizational information you give us. The organizational information you provide for the use of Textile Exchange Services may include:
(a) Account information, such as organization name, website, address, phone number, related contacts, company size, etc.
(b) Membership information, such as status, level, renewal, start year, payment, onboarding, etc.
(c) Involvement information, such as field of operation, services of interest, services engaged, event attendance, cases, comments, community engagement, etc.
(d) Fiber and materials information, such as strategy, targets, usage, business practice, certifications, claims, supporting evidence, etc.
(e) Climate+ related information, such as strategy, targets, outcome/impact, business practice, certifications, claims, supporting evidence, etc.
4.3. Certification and accreditation information you give us. The certification information you provide comprises all information obtained or created for the certification of Textile Exchange Standards, which may include:
(a) Personal information of representatives of standard users, such as name, designation or title, email address, etc.
(b) Organization profile information, such as organization name, organization identification, licensing information, website, address, phone number, related contacts, etc.
(c) Scope certificate information – data and supporting evidence required to create and/or is contained in a scope certificate, such as certified organization details, certified products, certified facilities, etc.
(d) Transaction certificate information – data and supporting evidence required to create and/or is contained in a transaction certificate, such as certification body details, seller details, buyer details, certified weights, declarations by certification bodies, certified input references, certified products, certified raw materials and declared geographic origin, declarations by seller, etc.,
(e) Site level information – data pertaining to a certified organization’s site(s) or product(s), as required by the standard or related normative documents (e.g., RAF-503a RWS Farm Questions), such as farm details, production details, farm management details, etc.
(f) Audit information – data collected during the course of an audit, including the application period preceding the on-site audit, audit reports, and any corrective actions after the report. Any unannounced audit data is also included, if applicable.
(g) Non-conformity information – data pertaining to the non-conformities issued at any time by the certification body during an audit of the Standards’ requirements.
(h) Certification process information – data pertaining to certification or accreditation bodies and activities, including certification body or inspection body personnel involved or potentially involved, ownership structure, and contact information.
(i) Commercially sensitive information, such as financial, business, and technical records that may be considered sensitive, are not expected as a routine submission but may be required as part of an investigative inquiry.
(j) Complaints information – data obtained from or created during the course of the processing of complaints about the misuse of our Standards, accreditation procedures, certification procedures, and claims/labeling procedures. The disclosure of the identity of a complainant is voluntary, however non-disclosure may hinder the full investigation of the complaint.
4.4. Information automatically collected. Personal information that may be automatically collected when you use Textile Exchange services includes:
(a) Cookies and web analytics information. When you use our services, information about your browsing device, behavior, and activity may be collected using cookies and webpage analytics. Most web browsers accept cookies and webpage analytics by default. You may reject or remove cookies through your browser settings, but it might limit the availability and functionality of our Services.
(b) Do not track (“DNT”) signals. Some web browsers incorporate a DNT feature that signals to websites that the user does not want to have their online activity tracked. Due to the lack of a common interpretation of DNT signals, we do not alter, change, or respond to DNT signals from these browsers
4.5. Information we collect from third parties. We may receive your personal or organizational information from other users (e.g., as an additional contact for Services such as a round table) and our partner organizations (e.g., as a participating organization of joint Services with a partner organization).
5. How We Use Information
All the information we collect, we collect to deliver and improve our Services and for legitimate and lawful purposes.
5.1. Deliver, maintain, and improve our Services.
(a) To individuals:
- Identify you as a user to deliver the right Services to you.
- Process your payments.
- Provide you with communications such as newsletters, updates, and alerts.
- Plan and facilitate events for which you have registered or that you will attend.
(b) To organizations:
- Measure your organization’s use of preferred fiber and materials and Climate+ outcomes/impacts.
- Measure the industry’s use of preferred fiber and materials and Climate+ outcomes/impacts.
- Publish industry data, trends, and insights on preferred fiber and materials.
- Provide advisory services on preferred fiber and materials.
5.2. Deliver, maintain, and improve our Standards and certification process.
(a) To individuals:
- Identify you as a representative of a certified organization, certification body, or accreditation body involved in the certification activities.
- Provide you with updates on our Standards and gather your feedback for improvements.
- Deliver better value for being certified or accredited to our Standards.
(b) To certified organizations:
- Monitor, evaluate, and improve our Standards and certification.
- Provide assurance to our Standards and certification.
- Provide traceability and transparency of certified material.
- Prevent duplication or fraud by creating a single source of truth for certificate authentication and volume reconciliation.
- Provide an up-to-date public registry of certified organizations. This may include all scope certificate data except for subcontractors, farms, and homeworker identification data. The certified organization may choose to have their contact details shared publicly or not.
(c) To certification bodies and accreditation bodies:
- Provide a public registry of certification bodies and accreditation bodies
- Process your invoices and payments.
- Provide quality assurance relating to our Standards and certification.
5.3. Process your requests, inquiries, complaints, referrals, comments, etc. In connection with complaints about the misuse of our Standards, accreditation procedures, certification procedures, and claims/labeling procedures, data is used to investigate and resolve complaints in accordance with the ASR-110 Complaints Procedure, and to monitor and evaluate our Standards, accreditation, certification, and claims/label activities for quality assurance.
5.4. Personalize our Services to your preference and convenience, for example, customizing your preference on communication, involvements, connections, etc.
5.5. Analyze and measure our Services to better understand what Services are used more often and why.
5.6. Provide a legal, safe, and secure environment to comply with applicable laws, deter fraud/malicious activity, protect user privacy, safeguard security, etc., and for other legitimate and lawful purposes
5.7. Aggregate and anonymize data. Textile Exchange reserves the right to use your personal or organizational information as part of an aggregate or anonymized data set at its discretion.
6. How We Share Information
6.1. Information that we share. We will not share your information with individuals or organizations outside of Textile Exchange except in the following cases:
(a) When the information is deemed as public. We may share your information when the information processed is clearly labeled as public data or is otherwise publicly available. For example:
- In connection with our Standards, scope certificate data is deemed public
- Public surveys in which you participate are deemed public.
(b) With your consent. We may share your non-public personal or organizational information publicly with organizations or individuals outside of Textile Exchange only when we have received your explicit consent. For example:
- Your personal information may be shared with other individuals who are part of the same working group.
- Your organization may be listed on our services as part of a leaderboard in connection with our Services.
- Your organizational information is featured in our reports.
(c) For processing information on behalf of another organization. In certain cases, to reduce the burden on your organization to report the same data repeatedly, Textile Exchange has partnered with programs/initiatives that your organization may be participating in to process information on their behalf and share the information that you have reported to us, with them. In such cases, your agreement is sought before any information is shared and the information shared is limited to relevant scope of the program/initiative. (e.g., if your organization is participating in the Materials Benchmark Program and is also a signatory to The Fashion Pact, we may require you to report additional information relevant to The Fashion Pact and share relevant information to The Fashion Pact).
(d) For external processing via service providers. We may share your information with service providers who perform activities on our behalf to develop and maintain our Services. Vendors, contactors, and service providers may use your personal and organizational data only in support of their work for us and are contractually obligated to process and handle your data in a manner consistent with this policy. For example, for processing financial payments, maintenance of our systems, consulting services, etc.
(e) For legal, safety, and security reasons. We may share information your information if we reasonably believe that disclosing the information is needed to:
- Comply with any valid legal process, governmental request, or applicable law, rule, or regulation.
- Investigate or remedy any potential violation of our Terms of Service and enforce our Terms of Service.
- Protect the rights, property, or safety of us, our users, or others.
- Detect and resolve any fraud or security concerns.
(f) For merger or acquisition. If Textile Exchange is involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of our business by another company, we may share your information with relevant parties to such transactions before and after the transaction closes.
7. Control and Accuracy of Your Information
7.1. Your consent. You consent to us processing or sharing your information when you use one or more of our Services.
- You choose to use our tools and programs (e.g., The Materials Benchmark Program, Textile Exchange Hub etc.)
- You choose to be certified to our Standards. Certification bodies shall reference this policy in their certification agreement.
- You sign the Licensing Agreement (ASR-208 Certification Body Contract) to be a certification body accredited to certify our Standards.
- You sign the Authorization Agreement (ASR-209 Accreditation Body Contract) to be an accreditation body authorized to perform accreditation for our Standards.
7.2. Control of your personal information.
(a) Your personal data will be reviewed periodically to ensure that it is accurate, complete, and up to date. During the review process, you may be asked to provide further information or updates.
(b) You can request access, correction, and deletion of your personal information in the following ways:
- Edit your preference and information in the profile settings of our Services, such as hub.textileexchange.org and reporting.textileexchange.org, and/or
- Email us at DGoffice@textileexchange.org.
(c) Communications and newsletters. Email communications from us, including circulation of our newsletters, will contain an unsubscribe link that allows you to opt-out of receipt of future email communications and newsletters.
7.3. Control of your organizational information.
(a) All organization information provided to Textile Exchange is voluntary, self-reported, and deemed up-to-date, accurate, reliable, and complete for its purpose.
(b) Where necessary, we may provide guidance to support the reporting of your organizational data. This support is provided for informational purposes only to be used at your own free will and according to your best judgment.
(c) For some Services, we may carry out desktop review and validation to ensure the accuracy and completeness of your organizational data. You may be contacted during the review for clarification and confirmation of your data. These reviews are not deemed as a formal independent verification process, unless expressly contracted and provided as such.
(d) You can request access, correction, and deletion of your organizational information in the following ways:
- Edit the information directly in our Services, such as at reporting.textileexchange.org. This may only be possible at selected times during the data lifecycle.
- Email us at DGoffice@textileexchange.org.
7.4. Control of your certification information.
(a) All certification information provided directly or indirectly (via certification bodies) to Textile Exchange is deemed up-to-date, accurate, reliable, and complete for its purpose.
(b) Certification and accreditation bodies and certified organizations shall ensure that all data provided to Textile Exchange is deemed up-to-date, accurate, reliable, and complete for its purpose.
(c) You can request access to your certification information by emailing us at DGoffice@textileexchange.org. Deletion of your certification information is only permissible if you no longer wish to be certified to our standards. For such cases, please contact your certification body.
8. Security and Retention of Information
8.1. Retention of your personal information. If you have opted-in to our Services or are using our Services, we will retain your personal information for the duration that we provide these Services to you. If you have not opted-in to our Services, we will retain your personal information as long as there is active engagement between you and Textile Exchange. If there is no active engagement for a period of 12 months, your personal data will be deleted from our systems.
8.2. Retention of your organizational information. Unless there is an express request for removal, your organizational information will remain in our systems for the purpose that it was provided. If you request for your organization data to be deleted from our systems, we may remove what identifies your organization, but retain the data as part of our aggregate reporting.
8.3. Retention of your certification information. Unless there is an express request for removal, your organizational data will remain in our systems for the lifespan of our Standards.
8.4. Security of your information. As part of our Data Governance Policy, we are continuously implementing and improving technical, administrative, and physical security measures to safeguard your information from unauthorized access, disclosure, use, and modifications. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable.
8.5. Requesting Removal or Deletion. To request the removal or deletion of your information, you may email us at DGoffice@textileexchange.org.
9. Global Data Transfer
9.1. As a global organization, Textile Exchange may collect and process data in the United States, the United Kingdom, the European Union, and other countries. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this policy under the GDPR.
10. Your Rights
10.1. We are committed to honoring your rights under applicable data protection laws.
10.2. Subject to applicable law, you may have one of more of the following rights (for example, if you are located in the European Union with rights under the GDPR, or if you have similar rights under the laws of other countries):
(a) Right to be informed. You have the right to be informed about our collection and use of your personal data.
(b) Right to access. You have the right to make a written request for details of your personal information and to be provided with a copy of your personal data held by us.
(c) Right to rectification. You have the right to request that we update or correct any personal information that you believe is outdated or inaccurate.
(d) Right to erasure. You have the right to request that certain personal information about you be deleted. We will comply with your request unless there is an overriding legitimate ground for retaining the information.
(e) Right to restrict processing. You have the right to request that we restrict the processing of your personal data (for example, while we verify or investigate your concerns with this information).
(f) Right to data portability. You have the right to request that your provided personal data be transferred to you or to a third party in machine-readable electronic format.
(g) Right to withdraw consent. Where the processing of your personal information by us is based on consent, you have the right to withdraw your previously given consent. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent.
(h) Right to object. You have the right to object to the further processing of your personal data, including the right to object to use for marketing purposes.
(i) Right to object to automated processing. You have the right to object to decisions being made about your personal data solely based on automated decision-making or profiling.
10.3. To exercise any rights under the GDPR, whether or not specifically referenced elsewhere in this policy, you may contact us at DGoffice@textileexchange.org.
10.4. Users in certain jurisdictions may have rights under applicable data protection laws to make complaints to a supervisory authority. For users located in the European Union, if we are not able to satisfactorily resolve your questions, concerns, or complaints, or if you believe that the processing of your personal data infringes on your rights under applicable data protection laws, you have the right, without prejudice to any other administrative or judicial remedies, to lodge a complaint with a supervisory authority, in particular, in the Member State of your habitual residence, place of work, or place of the alleged infringement. Contact information of the supervisory authorities may be found at the following site, here.
11. Other Provisions
11.1. Third-party services. Our Services may link to websites and services operated by third parties, such as social media, certification bodies, partner organizations, sponsor organizations, reference organizations, etc. The use of these websites and services provided by such third parties is subject to the privacy policies of those providers. Textile Exchange does not own or control these third parties, and when you use these third-party websites and services, you are providing your information to them. This policy only applies to information collected by Textile Exchange.
11.2. Changes to this policy. Textile Exchange may update or revise this policy from time to time. When we make changes to this policy, we will post them on our sites and indicate the last updated date.
11.3. Children. Our Services are not intended for, directed at, and we do not knowingly collect personal information from anyone under the age of 13. When we learn that certain personal information is of a child under 13 years old, then we will delete that information.
If you have questions or complaints about this policy or our handling of your information, please contact us at:
Telephone: +1. 806.428.3411
Mail: 511 South 1st Street Lamesa, TX 79331 USA