General Privacy Statement
Last updated: September 30, 2024
This privacy statement (“Privacy Statement”) explains how Morningstar, Inc., its affiliates, and its subsidiaries (collectively, "Morningstar" or "we") collect, use and disclose your personal information.
This Privacy Statement applies to any individual (“you”) who uses any Morningstar product, service, website, or application (“Services”) or otherwise interacts with Morningstar. This includes customers and subscribers, site visitors, app users, or individuals who interact with Morningstar in connection with events and conferences. This Privacy Statement does not apply to contractors, employees, or job applicants.
In the event of a conflict between the agreement concluded between you or your employer and Morningstar and this Privacy Statement, the terms of that agreement will control.
We may provide product-specific privacy statements, and, if we do, they shall apply in lieu of this Privacy Statement.
For California residents, please see our California Notice at Collection.
Where applicable, Morningstar may provide links to third party sites within our Services or in our communications to you. This Privacy Statement does not apply to those sites or any other third parties. We encourage you to read any third party’s privacy notice before providing any personal information to them.
If you have any questions about Morningstar’s privacy practices or this Privacy Statement, please send an email to privacyenquiries@morningstar.com.
Types of Personal Information We Collect
We may collect the following types of information depending on how you interact with us:
- Name and contact information – such as first and last name, email address, postal address, phone number, job title, employer name, and other contact information.
- Account credentials – such as user ID, password, password hints, and other similar security information used to authenticate your account.
- Demographic information – such as age, gender, geographic location, and preferred language.
- Payment details – such as bank account information, credit card number, and other information used by our payment processor.
- Subscription and usage information – such as information about the products or Services you subscribe to or use and how you use them, preferences, browsing history, support services, feedback, and other information about activity on our Services.
- Device and network information – such as IP address, location, internet service provider, unique advertising identifier and mobile device type, cookies and other trackers, non-cookie identifiers, browser data, and any other personal information you choose to share via our Services.
- Financial and portfolio information – such as information about your finances, portfolio, and transactions.
- Audio or video information – If you visit a Morningstar location, communicate on a recorded line, or participate in a recorded Morningstar event, webinar, or meeting, Morningstar may record your image and/or voice.
- Information shared or uploaded by you to access, receive, or use our products and Services (including to attend our events) - such as our clients' employees or contractors' information, profile photo, access requirements, and other information you may provide.
How We Collect Your Personal Information
We may collect personal information about you from a variety of sources, including:
- Directly from you when:
- you access, receive, use, purchase, or subscribe to our Services;
- you visit our sites; or
- you interact with us, including in connection with conferences and events, when you ask us for support, or when you otherwise contact us.
- Automatically from you when you browse our sites or otherwise use our Services. This may include information we collect from your browser or device, or through cookies, including browser or device information and information relating to browsing activity.
- From other sources, which may include:
- Your employer, conference and event organizers, or other partners.
- Your financial advisor, who may give us information about you when they use our products or Services.
- Organizations we engage to provide us with services (“service providers”).
- Data analytics providers and data brokers.
- Government entities.
- Companies that we research or engage with, who may give us data about senior executives, investor relations or customer service representatives, or other contact persons.
- Social networks, internet service providers, operating systems, and platforms.
- Other publicly available sources.
How We Use Personal Information
We may use personal information in connection with the following business activities:
- Services and Support – to provide, operate, administer, and support our Services, including by providing you relevant content and creating and administering your account.
- Account Management, Billing, and Personalization – to enable you to make a purchase, communicate with you, verify your identity, personalize the content you receive, send you white papers or other content you may be interested in, administer our relationship with you or your employer, including as needed to manage billing and other inquiries, and administer the contracts we have with you or your employer.
- Monitor, Develop, and Improve the Services – to monitor your use of the Services, conduct research and administer surveys/questionnaires, and develop and improve the features and functions of our Services, which may include combining usage information with other information about you.
- Events and Conferences – to enable you to engage with, attend, and/or participate in our conferences and events, including by verifying your identity, facilitating payments, or contacting you.
- Customer Support – to provide account, technical and product support.
- Marketing, Analytics, and Advertising – to conduct marketing and advertising, including running third-party advertisements.
- Artificial Intelligence – to enhance your user experience, sort and retrieve articles and information you have access to as part of your subscription, and produce new content based on the data you provide to us.
- Safety, Protection, and Enforcement of Rights – to protect your, our, or third parties’ networks, systems, property, or safety, enforce our contracts, terms, and conditions, or otherwise exercise our legal rights.
- Comply with Applicable Laws and Lawful Requests – to comply with laws and regulations that apply to us or third parties with whom we work, and comply with requests from regulatory agencies, law enforcement, and other public and government authorities.
- Deidentified or Aggregated Data – to generate deidentified or aggregated data that we use for research and product development. We may publish or otherwise provide the results of this research data in our products and Services.
- Corporate Transactions – to participate in any merger, acquisition, bankruptcies, sales, restructuring, or other corporate transaction that may involve the sale or disposal of some or all our assets or business interests.
- Audit and Compliance – to meet our or third parties' audit and compliance requirements.
- Other – as otherwise required or permitted by law, or as otherwise disclosed to you.
How We Disclose Personal Information
Morningstar may disclose your personal information for the purposes indicated above and as follows:
- Affiliates and Subsidiaries – we may disclose the personal information we collect to our affiliates and subsidiaries.
- Business Partners – Morningstar partners with other businesses to support our Services, and we may disclose the personal information we collect to these other businesses (e.g., contact name of fund managers, company officers, investor relations personnel, etc.).
- Service Providers – we may disclose the personal information we collect to service providers who perform functions on our behalf, such as IT and website hosting, marketing and marketing research, customer support, and data storage and analysis.
- Professional Services – we may disclose personal information to consultants, accountants, auditors and legal counsel to help us make decisions about our Services or to comply with our legal or other obligations.
- Customers and Clients – in some circumstances, we may disclose the personal information we collect to our customers and clients to enable our Services (e.g., we may disclose the information we collect about fund managers to our customers and may also include information about executives and investor relations personnel).
- Marketing, Advertising, and Analytics Providers - we may also disclose your personal information, such as device and browsing information, and activities and usage information, to marketing and advertising networks, data analytics providers, and other companies who provide marketing or analytics services on our behalf. For more information, please see the “Cookies and Other Tracking Mechanisms” section below.
We may also disclose your personal information in the following circumstances:
- In Support of Business Transfers. If we or our affiliates or subsidiaries are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may disclose the personal information we have collected from you with or to the other company. We may also disclose certain personal information as necessary prior to the completion of such a transaction or other corporate transaction such as a financing or restructuring, to lenders, auditors, and third-party advisors, including attorneys and consultants.
- Compliance and Legal Obligations. We may disclose personal information to comply with our legal and compliance obligations and to respond to the legal process. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
- Security and Protection of Rights. We may disclose personal information where we believe doing so is necessary to protect the Services, our rights and property, or the rights, property, and safety of others. For example, we may disclose personal information to (i) prevent, detect, investigate, and respond to fraud, unauthorized activities and access, illegal activities, and misuse of the Services, (ii) prevent, detect, investigate, and respond to situations involving potential threats to you, us, or any other party, or (iii) enforce, detect, investigate, and act in response to violations of our terms, agreements, or policies. We may also disclose personal information related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions.
- Aggregate and Deidentified Information. Notwithstanding anything else in this Privacy Statement, we may use, disclose, and otherwise process aggregate and deidentified information related to our business and the Services to or with third parties for quality control, analytics, research, development, and other purposes.
- Other Disclosures. We may disclose personal information in other ways not described above, but in this event, we will notify you and, if necessary, obtain your consent.
Cookies and Other Tracking Mechanisms
We and other third parties use cookies, pixel tags, and other similar tracking mechanisms to automatically collect information about browsing activity, type of device, and similar information within our Services.
What is a cookie? A cookie is a small file that can be stored on your device when you access our site and is then sent back to us each time you visit our site. Cookies are useful because they allow us to recognize your device and your preferences.
How do we use cookies? We use cookies to know whether you’re logged in to our site, recognize the products and Services you subscribe to, remember your preferred site language, location, and other preferences, and show you advertisements relevant to your interests. We use session cookies (which last until you close your browser) and persistent cookies (which last until you or your browser deletes them). These cookies fall into two broad categories: “essential cookies,” which originate from us and are necessary for us to provide you with our Services, and “non-essential cookies,” which typically originate from third parties and are not required for you to use our Services.
Essential cookies. We may use essential cookies for purposes such as:
- Authentication - We use cookies to allow you to stay signed into our Services and stay signed in throughout one or multiple site visits.
- Subscription - We use cookies to recognize that you’ve purchased certain Services and make sure you’re able to view the content and tools that you’ve paid for.
Non-essential cookies. We may use non-essential cookies, including some provided by third parties, for purposes such as:
- Analytics - to provide us with analytics services. These cookies help us understand how our customers use our sites and services.
- Advertising - to provide advertising services. These cookies help show you ads that may interest you.
Third Party Analytics. We use third party tools, such as Google Analytics and Microsoft Clarity, which are operated by third party companies, to evaluate usage of our sites and Services. These third party analytics companies use cookies, pixels, and other tracking technologies to collect usage data about our Services and to provide us with reports, metrics, and dashboards that help us evaluate usage of our Services, improve our sites, and enhance performance and user experiences. To learn more about Google’s privacy practices, please review the Google Privacy Policy at https://www.google.com/policies/privacy/partners/. You can also download the Google Analytics Opt-out Browser Add-on to prevent your data from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout.
Microsoft may use the data they receive in connection with Microsoft Advertising. You can learn more about Microsoft’s privacy practices at https://privacy.microsoft.com/en-us/privacystatement.
Cross-Device Use. We and our third party providers may use the information that we collect about you within our Services and on other third party sites and services to help us and our third party service providers identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.).
Customer Lists and Matching. Unless you have opted out, we may share certain hashed customer list information (such as your name, email address and other contact information) with third parties so that we can better target ads and content to our users, and others with similar interests, within third party sites, platforms, and services. You may opt out of being targeted by us in this manner.
Managing Cookie Settings. To prevent cookies from tracking your activity on our sites or visits across multiple websites, you can set your browser to block certain cookies or notify you when a cookie is set. You can also delete cookies. The “Help” portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our sites who disable cookies will be able to browse the sites, but some features may not function.
Industry Solutions for Opting Out of Interest-Based Advertising. Visitors to our sites may follow the steps provided by industry associations and that provide tools and educate users on interest-based advertising. These resources include:
- U.S. Users: you can obtain more information and opt out of receiving targeted ads from participating third-party ad networks at aboutads.info/choices (Digital Advertising Alliance). You may also download the DAA AppChoices (https://youradchoices.com/appchoices) tool in order to help control interest-based advertising on apps on your mobile device.
- EU Users: youronlinechoices.eu (European Interactive Digital Advertising Alliance).
- Canada Users: youradchoices.ca/choices/ (Digital Advertising Alliance of Canada).
- Japan Users: http://www.ddai.info/optout (Data Driven Advertising Initiative in Japan).
Using these resources does not mean you will no longer receive any advertising through our sites or services, or on other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing (i.e., context based ads) and as described above. Your opt-out may not be effective if your browser is configured to reject cookies, and your choice must be made on every device and browser you use. If you clear cookies, you will need to reconfirm your choice.
Your Privacy Choices
We make available several ways for you to manage your personal information, including preferences regarding cookies, advertising, whether you want to receive marketing and promotional emails from us, and choices regarding your account and profile information.
Requests to Access or Manage Your Information. Certain jurisdictions provide their residents with rights related to personal information, such as rights to access, correct, restrict the sale of, or erase personal information. If applicable, you can exercise these rights by visiting the “Manage your data” section in our Privacy Center.
Marketing Communications. You can change your email preferences regarding marketing emails by using the unsubscribe feature in any such email we send you. Depending on the products and Services, you may also be able to log in to your account and change your marketing/communications preferences.
Account and Profile Information. If you have an account with us, you may be able to access, review, and update your account and profile information, such as your name, email address, contact information, notification preferences, and other profile information by logging in.
How We Protect Your Personal Information
Morningstar maintains an information security program intended to keep your information safe. Please be aware that despite our efforts, no data security measures can guarantee security.
How Long Do We Retain Personal Information?
We store your personal information for as long as needed, or permitted, based on the purposes for which we obtained it, consistent with applicable law. When deciding how long to keep your personal information, we consider whether we are subject to any legal obligations, such as laws that require us to keep records for a certain period of time before we can delete them or as needed to fulfill our obligations in response to a lawsuit.
Data Transfers
Morningstar companies, their affiliates, operations, workforce, and service providers are located throughout the world. Depending on how you interact with us, your personal information may be handled and stored in, accessed from, or transferred to different countries. Whenever we transfer personal information to different countries, we take steps to address transfer and data protection requirements.
Children’s Privacy
Morningstar is a general audience site and does not knowingly collect personal information from minors.
Changes to this Privacy Statement
This Privacy Statement is current as of the date set forth above. We may change, update, or modify this Privacy Statement from time to time, so please be sure to check back periodically. If we make any changes to this Privacy Statement that materially affect our practices regarding our use of the personal information we have previously collected from you, we will endeavor to provide you with notice, such as by posting prominent notice on our website or within the Services.
Contact Us
If you have a concern, complaint, or question about how we handle your personal information, please contact us using the following methods:
- By using our web form – https://www.morningstar.com/request-data
- Email us at privacyenquiries@morningstar.com
- Writing to us at:
Morningstar, Inc.
22 W. Washington St.
Chicago, IL 60602
Attention: Data Protection Officer