ESG Solutions & Consulting GmbH (ESG Chain) takes the protection of your personal data very seriously and strictly adheres to data protection regulations. On May 25, 2018, REGULATION (EU) 2016/679 (EU General Data Protection Regulation) enteredinto force, which forms the basis for ESG Chain’s protection of natural persons when processing personal data.
What personal data do we collect and for what purposes?
ESG Chain collects information that is necessary for running the ESG Chain platform or modules of that platform, such as www.policy-check.com. We process the personal data to provide access to the individual dashboard, to process search queries, track notifications and send status and other e-mails to the users’ personal accounts. In some cases, this personal data is also processed for (direct) marketing purposes.
Information you provide to us: We store and process personal data that you provide to us in direct communication with you, electronically or by other means. The data we process includes, in particular, IP, contact details (name, address, telephone number, email, company and function) as well as contact and event history.
E-mail communication: We store and process personal data that comes to our attention in the joint e-mail communication with you and process this data for the purposes described above. The data includes, in particular, contact details (name, address, telephone number, email, company and function) as well as contact and event history and email content.
Self-generated information: For the purposes of query processing, we store and process data such as queries, results and history, which we relate to your personal data.
In the respective application, we process personal data either with your consent, to fulfill a contract to which you are a party or to initiate a contract, or based on a legal obligation to which we are subject. Otherwise, where we consider it necessary to protect ‘legitimate interests’, in particular to maintain contact details.
In certain cases, the provision of personal data by you is a statutory or contractual obligation, or a necessary requirement in order to enter into a contractual relationship with us. Where you are obliged to provide us with personal data, we will inform you of the possible consequences of not providing such data, unless this is already obvious from the circumstances.
Who has access to your personal data and with whom is it shared?
We ensure that personal data within ESG Chain is only accessible to those who need access based on his/her user rights.
In general, we do not make personal data available to third parties nor do we transfer such data to third countries.
How long do we keep your personal data?
We do not process or store your personal data longer than necessary for the relevant purposes and implement technical and organizational measures to comply with time restrictions within ESG Chain. As a general rule, personal data is kept as long as the user account is open and for six months following closure of the user account.
You have the opportunity at any time to request confirmation as to whether personal data concerning you is still being processed and the deletion of the personal data, in particular if your personal data is no longer necessary for the purposes for which it was collected or processed .
How do we protect and secure your personal information?
ESG Chain has implemented technical and organizational measures to limit access to your personal data to those persons who need to have access based on their duties and responsibilities. Employees who have access to your personal data are familiar with the relevant data protection regulations relevant to their work. Your personal data will be processed in a database set up in a secure server environment. You will be subject to security checks to the extent necessary to identify a possible security risk.
If – despite these technical and organizational measures – a personal data breach occurs, we have put in place notification processes and will do our best to minimize the risks of this personal data breach.
How can you correct, modify or delete your personal information?
ESG Chain’s processing of your personal data involves a number of rights that you have in relation to that data. Please note that you do not have direct access to this data. However, correction, modification or deletion can be requested at any time by sending an email to the contact listed in the “Contact Information” section below.
As a ‘data subject’, you are entitled at any time to request confirmation as to whether personal data concerning you is being processed and, where this is the case, information about this data, including the purposes of the processing, the categories of data concerned, the recipients and categories of recipients, where possible, the storage periods or the criteria for determining them and the information on the origin of the data.
It is important to us to correct your personal data that turns out to be incorrect or incomplete upon your request, which you also have the right to do. If this is technically feasible, you can also request that your personal data be transmitted in electronic form. On the other hand, you may, with few restrictions, request deletion of your personal data and, if the processing is based on your consent, withdraw your consent to obtain the same. In many cases you will be interested in obtaining restriction of processing instead of deletion of your personal data, in which cases further processing will only take place with your consent. If further processing is justified for other reasons and we therefore refrain from deletion, we will point this out accordingly.
What can you do about ESG Chain’s processing of your personal data when ESG Chain relies on a ‘legitimate interest’ as the basis for processing?
To the extent that we base the data processing on ‘legitimate interest’ and not on your consent, the performance of a contract or a legal obligation, you have the right to object to the processing at any time and to request that the processing be restricted until a decision has been made regarding the data processing legality of the processing by us. Make sure that your request sets out the reasons that speak against the processing based on your particular situation or, if it is processing for direct advertising purposes, contains a brief reference to this.
If our handling of your request is not satisfactory, you have the right to lodge a complaint with the authority responsible for data protection. The same applies in cases where you believe that the processing of your personal data contradicts applicable data protection regulations.
If you have any questions regarding ESG Chain’s processing of your personal data, please send us an e-mail to firstname.lastname@example.org.