The relevant S&P Global entity that provides the products or services and its affiliates (“S&P Global”) may collect, process, or handle Personal Data subject to the Personal Information Protection Law of the People's Republic of China (the “Personal Data”) on behalf of its customers and its affiliates, where applicable (“Customer”).
Although S&P Global’s relationship with its Customers is typically governed by its general terms and conditions and/or a master agreement, which includes order forms, exhibits, schedules and addenda (the “Agreement”), S&P Global is also legally bound under the Personal Information Protection Law of the People’s Republic of China (“PIPL”) concerning the manner in which it collects, uses, and processes Personal Data. This Policy describes S&P Global’s commitment to the processing of Personal Data under the PIPL.
- Appropriate Technical and Management Measures. When S&P Global processes Personal Data on behalf of a Customer, S&P Global implements appropriate technical and organizational measures and a level of security appropriate to the level of risk in order to protect the rights of the data subject.
- Sub-processing. Customer provides general authorization for S&P Global’s engagement of sub-processors. S&P Global requires that each of its sub-processor that have access to Personal Data agree to provide an equivalent level of protection as described in this Policy.
- Written Instructions. S&P Global processes Personal Data in accordance with the terms and to satisfy our obligations set out in the Agreement, this Policy, the S&P Global Corporate Privacy Policy, and any other written terms agreed with Customer from time to time. The foregoing documents set out the subject-matter, duration, nature, purpose, types of Personal Data, categories of data subjects, and the obligations and rights of the Parties in relation to the processing of Personal Data.
- Overseas transfers outside China S&P Global confirms that Personal Data may be transmitted outside of the People’s Republic of China.
A pre-filled and executed version of the Standard Contract for the Cross-Border Transfer of Personal Information (“Standard Contract”) can be found at the links below by Division and only the applicable Standard Contract shall apply:
- Cooperation Concerning Legal Obligations Under PIPL . S&P Global cooperates with the reasonable Customer requests (at the Customer’s reasonable expense) where required by the PIPL to help the Customer fulfil its obligations under the PIPL.
- Deletion of Data; Termination and Variation. At the termination of a Customer’s relationship with S&P Global, S&P Global will delete or return all Personal Data to the Customer (at Customer’s reasonable expense), unless S&P Global is permitted to retain it or is otherwise required to retain it by applicable laws, regulations or bona fide audit and compliance policies. Customer may request a quote of the reasonable fee from S&P Global and S&P Global will provide Customer with a quote for reasonable fees to comply with this request.
This Policy is entered into effect on June 1, 2023 and will remain in effect until, and automatically expire upon, deletion of all Personal Data by S&P Global. S&P Global reserves the right to reasonably amend and update this Policy from time to time. S&P Global will give no less than 30 days’ notice of any such changes, which shall be included on the S&P Global website.
- Governing Law. This Policy shall be governed by the governing law (and subject to the jurisdiction(s)) of the relevant Agreement and otherwise subject to the limitations and remedies expressly set out in the Agreement.
If you have any queries about this Policy, please contact your usual account representative.