ESG PlayBook, Inc.
ESG endeavors to be fully compliant with the General Data Protection Regulation (“GDPR”). For the purpose of the GDPR, ESG acts as a Controller of personal data (as such term is defined in the GDPR).
2. What personal data may ESG Playbook collect?
I. We may collect and process the following personal data when you provide it to us:
(a) your name, job title and professional contact details (phone number, email and office address);
(b) information that you provide by filling in forms on the Site. This includes information provided at the time of registering to use our Site, subscribing to our product, posting material or requesting further services. We may also ask you for information when you report a problem with our Site;
(c) if applicable, personal data you provide in account creation forms;
(d) if you contact us, we may keep a record of that correspondence; and
(e) details of your visits to our Site and the resources you access.
II. We may collect and process the following personal data automatically when you use and interact with the Site:
(a) your general activity on the Site (e.g., your viewing history and search activity, including the date and time the Site was used);
(b) identifiers such as an anonymized session identifier;
(c) website traffic volume, frequency of visits, and type and time of transactions you initiate through the Site;
(d) information regarding your interaction with email messages (e.g., whether you opened, clicked on, or forwarded an email message);
(e) your Internet Protocol (IP) address;
(g) the type and settings of the device, operating system, and browser used to access the Site; and
III. We do not collect, and specifically request that you not send us or disclose to us through the Site or otherwise, any sensitive personal data including, for example, social security numbers, information related to racial or ethnic origin, political opinions, religious, philosophical, or other beliefs, information related to sex life or sexual orientation, health data, biometric or genetic characteristics, criminal convictions and offenses, or trade union membership.
3. What personal data may ESG Playbook collect from other sources?
We may collect and process personal data from external sources including:
(a) publicly available sources such as Google; and
(b) third parties including our service providers, business partners and companies that assist with payment processing, analytics, data processing and management (e.g. to measure ad quality and responses to ads, and to display ads that are more likely to be relevant to you), account management, hosting, customer and technical support, and other services which we use to personalize your Site experience.
We process this information in order to better understand our Site’s users and improve our services, and use it for marketing purposes. We also process this information to permit you to seamlessly use our Site through the use of other platforms.
4. How does ESG Playbook store your personal data?
We take appropriate measures to ensure that your personal data is kept secure, including preventing it from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal data to those who have a legitimate business need to view it.
Those processing your personal data will do so only in an authorized manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means.
5. Where will ESG Playbook store your personal data?
Your personal data may be stored and processed in any country where we have facilities or in which we engage service providers. By using the Site you understand that your information may be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal data.
Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en). For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as the use of standard contractual clauses adopted by the European Commission to protect your Personal Information. You may obtain a copy of these measures by clicking here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.
6. What uses will be made of your personal data?
We rely on our legitimate interests (or those of a third party) as the lawful basis for collecting and using your personal data. Our legitimate interests relate to our mission to help companies understand their sustainability risks and report on ESG (Environmental, Social, and Governance) factors using ESG Playbook’s reporting and analysis tools for automating your ESG data collection and reporting process, and providing other sustainability consultants products.
Specifically, we may use your personal data for our legitimate interests, which include the following circumstances:
(a) to operate, maintain and optimize the Site and your account;
(b) to ensure that content from our Site is presented in the most effective manner for you and for your computer;
(c) to diagnose problems with and identify any security risks, errors or needed enhancements to the Site;
(d) to collect aggregate statistics about use of the Site;
(e) to analyze and develop our marketing strategy;
(f) to provide you with information or products that you request from us or which we feel may interest you, unless you have requested that you not be contacted for such purposes;
(g) to carry out our obligations arising from any contracts entered into between you and us;
(h) when it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those legitimate interests;
(i) if necessary, to protect the vital interests of you or another individual, or if it is necessary for a task carried out in the public interest;
(j) to allow you to participate in interactive features of our product, when you choose to do so;
(k) to provide data and analytics to research companies and marketers who may leverage the data to support the creation of their own market research reports based on proprietary data they collect via other sources (these parties will never have any idea whose data they are viewing; the only thing they see is a unique numeric identifier, and no name or email is tied to this data); and
(l) to notify you about changes to our products.
The particular “legitimate interests” upon which we rely in processing your personal data include the following:
(a) for purposes of providing the Site to our customers: this includes using and/or obtaining information for purposes of enrolling in trial-based or subscription-based products and services, providing content and information to our customers, and providing customer support;
(b) for the purposes of marketing our services: this includes using your information for the purposes of promoting our business to you, if you request information about our products or indicate that you have an interest in receiving communications on products, or if you respond to invitations to events;
You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us (see “Contact Information”).
(c) for the functioning of our business and its operations: this includes using your personal data in the course of operating our business, collecting payments from customers, facilitating a business sale, acquisition or restructuring, or for seeking external legal advice.
We use third-party advertising companies to serve advertisements on our behalf. These companies may use a cookie or an action tag to tailor the advertisements you see on this website and other sites, to track your response to their advertisement, to determine whether advertising has been served and to measure the effectiveness of their advertising.
We use third-party analytics service providers to assist us in collecting and understanding website usage information. We use information from these services to help us improve our website and the services we provide to our users.
By using the Site, you agree to our use of these tracking technologies.
II. What are cookies?
Cookies are small text files that are designed to store information on your computer. A cookie file is created when you use our Site and is processed by the software of your computer. The resulting text file is stored in your computer and it is accessed by your web browser when you visit the website that originally created the cookie.
For your reference, we set out below the wording we use in our cookie banner.
III. What are the types of cookies ESG Playbook uses?
The cookies we use help us improve our Site and do not contain any personal information that would allow us to identify you (such as your name or other contact details).
These are the cookies that may be used during your visit to the Site:
Session cookies: these are stored temporarily during a browsing session and are deleted from your device when the browser is closed. They are used to ensure your visit to our Site is as smooth as possible and allow us to identify your computer as you use the Site.
Persistent cookies: these are saved on your computer for a fixed period (usually one year or more) and are not deleted when the browser is closed. These help us remember you as a visitor each time you use the same computer to visit the Site.
Analytics cookies: these allow us to recognize and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to continuously improve the way our Site works, for example, by ensuring that users can find what they are looking for easily.
Targeting cookies: these record your visit to our Site, the pages you have visited and the links you have followed. We will use this information to make our advertising more relevant to your interests. We may also share this information with third parties for this purpose.
Please note that third parties (including, for example, providers of external services like web traffic analysis services) may also have access to these cookies, over which we have no control. These cookies are likely to be analytical cookies.
III. How to disable cookies?
To control cookies, you can modify your settings in most web browsers to accept or deny cookies or to request your permission each time a site attempts to set a cookie. You can also manually delete previously stored cookies at any time. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Site. Information on how to remove cookies can be found at: http://www.allaboutcookies.org/manage-cookies/.
IV. How to contact ESG Playbook?
8. How and when may ESG Playbook disclose your personal data?
I. We may disclose your personal data to the following third parties:
(a) ESG Playbook organizations that receive the personal data provided in intake forms;
(b) third parties, including our partners, and other organizations that are aligned with our mission;
(c) our external third-party service providers;
(e) others with your explicit consent.
II. We may also share information about you in the following contexts:
(a) We may investigate and disclose information from or about you if we have a good faith belief that such investigation or disclosure (a) is reasonably necessary to comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us; (b) is helpful to prevent, investigate, or identify possible wrongdoing in connection with the Site; or (c) protects our rights, reputation, property, or that of our users, affiliates, or the public.
9. Does ESG Playbook alter its practices based on “Do Not Track” signals?
Yes. If your browser settings allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit, the Site will alter its practices when it receives a “Do Not Track” signal from a visitor’s browser.
10. How does ESG Playbook control your personal data?
As described above, we rely on your consent or our legitimate interests to process your personal data. You may withdraw your consent or object to the use of your personal data at any time, but you may no longer be able to access the Site.
Please note that the Site may contain links to unaffiliated third-party sites. We suggest you read the privacy policies on or applicable to all such third-party services.
You can adjust your privacy settings by contacting us. If you receive a marketing email from us, you can unsubscribe from such emails at any time by following the instructions provided within those emails.
11. What may ESG Playbook do after termination of your Account?
You can update or correct personal information (e.g., your email address) by accessing your account. You can also access or rectify your information by contacting us (see “Contact Information”). You can delete your information by contacting us (see “Contact Information”) with your first name, last name, and the respective email addresses you would like for us to delete.
Please note that we have the right to reject deletion requests that are unduly burdensome or repetitive or that cannot be honored in light of legal obligations or ongoing disputes, or where retention is necessary to enforce our agreements or protect our or another party’s rights, property, safety, or security.
12. How long will ESG Playbook keep your personal data?
We will hold your personal data for as long as necessary to fulfil the purposes we collected it for and consistent with applicable law. To determine the appropriate retention period we consider the amount, the nature and sensitivity of the personal data, the potential risks of harm from unauthorized use or disclosure, the purposes and whether we can achieve those purposes by other means. We will delete it if we identify it as no longer being needed or if you send us a written request to do so.
We may maintain Anonymized Data after you delete your account for analytics purposes.
13. Where does ESG Playbook keep your personal data and how will it handle your personal data?
14. What rights do California users have with regard to the personal data collected and maintained by ESG Playbook?
Individual California Users may request information about our disclosures of certain categories of personal data to third parties for such third parties’ direct marketing purposes.
We will provide a list of the categories of personal data disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email or mailing address specified in this section.
15. What rights may European users have with regard to the personal data collected and maintained by ESG Playbook?
If you are a user located in Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden or the United Kingdom (collectively, the “European Economic Area” or “EEA”), you have several important rights under the GDPR. In summary, these include rights to:
(a) access your personal data;
(b) require us to correct any mistakes in your information which we hold;
(c) request the erasure of personal data concerning you in certain situations;
(d) request the data to be transferred to a third party in certain situations;
(e) object at any time to processing of personal data concerning you for direct marketing;
(f) object in certain other situations to our continued processing of your personal data;
(g) otherwise restrict our processing of your personal data in certain circumstances; and
(h) claim compensation for damages caused by our breach of any data protection laws.
For further information on these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the GDPR.
If you would like to exercise any of the above rights, please contact us (see “Contact Information”). We will respond to your request consistent with applicable law. In your request, please make clear what personal data you would like to have changed, whether you would like to have your personal data suppressed from our database or otherwise let us know what limitations you would like to put on our use of your personal data. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity and obtain other relevant information before implementing your request. We will undertake our best efforts to comply with your request as soon as reasonably practicable and as required by law.
If you are a user in the EEA, you may lodge a complaint with a data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs. See http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
16. How to contact ESG Playbook if you have a complaint?
We hope that we can resolve any query or concern you raise about our use of your personal data if you contact us (see “Contact Information”).
The GDPR also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at ico.org.uk/concerns or telephone: 0303 123 1113.
17. May children use the Site?
No. The Site is not directed to children under 16 and children under 16 are not permitted to use the Site. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data without parental consent, please contact us (see “Contact Information”). If we become aware that a child under 16 has provided us with personal data without parental consent, we take steps to remove such information and terminate the applicable account.
19. What is ESG Playbook’s contact information?
Questions and requests regarding this privacy notice should be addressed to firstname.lastname@example.org.