Privacy Policy

I. Name and Address of the Responsible

The responsible within the meaning of the General Data Protection Regulation (“GDPR“), the UK Data Protection Act 2018 (the “DPA”), and other applicable data protection laws and regulations (collectively hereinafter the “Data Laws” is

ESG Book GmbH, UK Branch

Managing Director (Geschäftsführer): Justin Fitzpatrick

27 Old Gloucester Street

London WC1N 3AX

Phone: +44 20 7113 3503
E-mail: [email protected]
Companies House (England and Wales), UK establishment number BR020774.

ESG Book GmbH, UK Branch is the UK branch of ESG Book GmbH

Junghofstraße 16
60311 Frankfurt am Main
Germany
Phone: +49 69 5095 55502
E-mail: [email protected]
Commercial register (Handelsregister): local court (Amtsgericht) Frankfurt am Main, HRB 113087

ESG Book is hereinafter referred to as “ESG Book”, “we”, “us” or “our”.

II. General Information on Data Processing

1. The Scope of Personal Data Processing

We process personal data of our users to the extent necessary to (i) verify the identity of a user before entering into an agreement with that user, (ii) enter into, fulfill and monitor the performance of the agreement concluded between ESG Book and every single user or the entity a user represents, (iii) improve the functionalities and general user experience of the ESG Book online platform, (iv) offer newsletter services, and (v) increase user engagement with the ESG Book online platform, . We collect cookies on a consent basis to understand how users use the website and what content they look at the most.

2. Legal Basis for the Processing of Personal Data

a) Use of the ESG Book online Platform

To use the ESG Book online platform, you will need to enter into an agreement with us, either for yourself, or for the entity you represent when using the ESG Book online platform. The legal basis for the processing of your personal data in this regard is the contractual relationship we have with you or the entity you represent (see e.g. Article 6 (1) (b) GDPR or similar provisions in other Data Laws), including any pre-contractual measures to conclude the agreement. Where the identification process serves to prevent abusive behaviours, including in particular the creation of fake-accounts for real companies, the legal basis is our legitimate business interest as set out e.g. in Article 6 (1) (f) GDPR or similar provisions in other Data Laws.

The legal basis for the tracking of user behaviour on the ESG Book online platform to improve our services is our legitimate business interest as set out e.g. in Article 6 (1) (f) GDPR or similar provisions in other Data Laws. The legal basis for the tracking of user behaviour on the ESG Book online platform to increase user engagement with our services is your consent as set out e.g. in Article 6 (1) (a) GDPR or similar provisions in other Data Law and as granted by you when registering for access to the ESG Book online platform.
The collection of cookies is based on consent as set out e.g. in Article 6 (1) (a) GDPR or similar provisions in other Data Laws.

b) Newsletter

We offer newsletters to inform subscribers about news relating to our company, our collaboration, our research and other ESG-related topics. The collection and processing of personal data in that context is based on your consent as set out e.g. in Article 6 (1) (a) GDPR or similar provisions in other Data Laws.

c) Contacting ESG Book

Whenever you reach out us by whatever means available, we will collect and process the personal data necessary to process your message. The legal basis for such collection and processing of personal data is, as the case may be, (i) the contractual relationship we have with you or the entity you represent (see e.g. Article 6 (1) (b) GDPR or similar provisions in other Data Laws), including any pre-contractual measures to conclude the agreement, including employment agreements, (ii) our legitimate business interest as set out e.g. in Article 6 (1) (f) GDPR or similar provisions in other Data Laws, or (iii) your consent as set out e.g. in Article 6 (1) (a) GDPR or similar provisions in other Data Laws.

3. Data Deletion and Storage Period

Your personal data will be deleted or blocked from processing as soon as the purpose of the storage no longer applies. Storage may also take place if this has been provided for by any Data Laws. The data will also be blocked or deleted if a storage period prescribed by the aforementioned provisions expires, unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract.

III. Registration for the ESG Book online platform, Logins to the ESG Book online platform, on-platform requests to user users

1. Description and scope of data processing

The use of our website requires that you register and subsequently login to the website using your login credentials. For a simple access with limited functionalities (refer to our Terms and Conditions), we only ask for a valid e-mail-address and a password. If you want to join our website on behalf of an entity, we will also ask for the full name and country of registration of the entity, your position at the entity, and potentially a link to your profile on a professional career network or other evidence of your belonging to the entity you claim to represent. The following data is also stored at the time of registration: (i) The date and time of registration, (ii) The version of the Platform ESG Book Terms and Conditions (formerly “ESG Book Terms and Conditions”) you accepted, and (iii) your IP address and the browser you used. During later logins, we will also store the date and time you accepted a modified version of the Platform Terms and Conditions and the version of those. For the first registration or any first login after version 1.1 of our Platform Terms and Conditions were introduced, we also for your consent to track your user behaviour, create a usage profile for you, analyse your usage profile and reach out to you based on your usage profile.

2. Legal Basis for the Processing of Data

The registration serves the purpose of pre-contractual measures for and the conclusion of a contract to which the user is a party. Subsequent Logins serve the performance of the contract. In both cases, the legal basis for the processing of the personal data is Article 6 (1) lit. b GDPR or similar provisions of other Data Laws. To the extent the registration and subsequent logins help in avoiding abusive behaviour on the website or fraudulent login attempts, the legal basis for the processing of the personal data is Article 6 (1) lit. f GDPR (“legitimate interest”) or similar provisions of other Data Laws. The tracking and analysis of user behaviour and our reaching out to you when you are facing problems help to improve our Platform and to that extent the legal basis for the processing of the personal data is Article 6 (1) lit. f GDPR (“legitimate interest”). To the extent our reaching out to you serves to improve user engagement or sell additional products, the legal basis is your consent as set out in Article 6 (1) lit. a GDPR or similar provisions of other Data Laws. TO the extent the tracking involves the use of third party services and cookies (see VII. below), the legal basis is also your consent as set out in Article 6 (1) lit. a GDPR or similar provisions of other Data Laws. To the extent we display your name and the entity you represent to the recipient of any requests for disclosure you make on the ESG Book online platform, the legal basis for the processing of the personal data is Article 6 (1) lit. f GDPR (“legitimate interest”).

3. Purpose of the Data Processing

The registration of the user is necessary for the implementation of pre-contractual measures and for the fulfilment of a contract with the user. As a pre-contractual measure, the processing of data allows to ensure that a user connecting via a given e-mail-address is actually in control of that e-mail-address. The user can subsequently be identified by that address, and this in turn allows to verify that the person accepted the required Terms and Conditions as applicable from time to time. Where a person wishes to use and subsequently uses the website on behalf of an entity, the personal data collected allows to verify to a sufficient degree that the person belongs to that entity and may act on the company’s behalf.

The storage of any personal data in this context is necessary for at least as long as the contractual relationship is ongoing, so that the contractual party can be identified and potentially legal steps taken against it or ESG Book can defend against claims that the person was not acting on behalf of a certain company.

The tracking of user behaviour helps to improve the Platform by understanding e.g. which parts a user finds most relevant, or which elements are rarely used. The tracking of user behaviour and subsequent contacting of users also helps us understand how we can further improve our products and be of service to our users, including through sales of additional services.

The displaying of your name and the entity you represent when you make a request for disclosure on the ESG Book online platform to another entity serves the purpose for the other entity to understand this request is coming from and verify independently from the ESG Book online platform’s onboarding process the validity of such request.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Where the registration process is abandoned before completion or does not lead to the conclusion of a contract because the person in question does not accept the Terms and Conditions to conclude a contract with the user, the personal data collected so far will be deleted within a few days.

Where the registration is successful and therefore a contract concluded, the personal data collected will be stored as long as the contract is ongoing, and may be stored for period of up four years afterwards to allow ESG Book to defend against potential legal claims.

5. Possibility of Objection and Deletion

A request for deletion or an objection to storage are possible by sending an e-mail to [email protected]. All personal data stored in the course of contacting us will be deleted in this case.

If the personal data is required to perform a contract or to carry out pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

To the extent that personal data was collected based on your consent, please note that we consider this tracking essential and any use of the above-mentioned rights, or the revocation of your consent, gives us the right under the Platform Terms and Conditions to terminate the Agreement on the use of the ESG Book online platform.

IV. E-mail or Other Contact

1. Description and Extent of Data Processing

It is possible to contact us via the e-mail address provided on the website. In this case, the user’s personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

2. The Legal Basis for the Processing

The legal basis for the processing of data transmitted by sending an e-mail is Article 6 (1) lit. f GDPR or similar provisions of other Data Laws. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Article 6 (1) lit. b GDPR or similar provisions of other Data Laws.

3. Purpose of the Processing

The processing of the personal data only serves to conclude or perform the contact and is also necessary for that.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

5. Possibility of Objection and Deletion

If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case. A request for deletion or an objection to storage are possible by sending an e-mail to [email protected].

If the personal data is required to fulfil a contract or to carry out pre-contractual measures, early deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.

V. Use of Cookies

1. Description and Extent of Data Processing

Our website uses cookies that are stored in your browser and perform two functions: (1) they recognize when you are returning to the website and recognize whether you are logged in, and (2) they keep track of which sections of the website you find most interesting and useful or possibly have difficulties with.

2. The Legal Basis for the Processing

The legal basis for the processing of the cookies referred to is your consent as set out in Article 6 (1) lit. a GDPR or similar provisions of other Data Laws. Your consent is expressed (or denied) in the cookie banner that will show up on your first accessing of the website and as often as needed to ensure we have your consent.

3. Purpose of the Processing

The processing of the personal data only serves to improve your user experience, either immediately by avoiding the constant need to login, or over time, as your usage of the website helps us understand what is relevant or where the website needs improving.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

5. Possibility of Objection and Deletion

Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

6. Third Party Cookies

For the use of third party cookies, please refer to VII. below.

V. Newsletters

1. Description and Extent of Data Processing

We let people subscribe to our newsletters. In that context, we only collect your e-mail-address.

2. The Legal Basis for the Processing

The legal basis for the processing of your e-mail-address is your consent as set out in Article 6 (1) lit. a GDPR or similar provisions of other Data Laws as expressed through your voluntary and active subscription (opt in).

3. Purpose of the Processing

The processing of the personal data only serves to send the newsletter,

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

5. Possibility of Objection and Deletion

You object to receiving newsletters by contacting us or request the deletion of your personal data collected in that context by unsubscribing the newsletter using the links provided in every newsletter.

VI. Rights of the Data Subject under the GDPR

If your personal data is processed, you are a “data subject” within the meaning of the GDPR and you have the following rights vis-à-vis the controller under the GDPR (and under similar provisions of other Data Laws):

1. Right of access

You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If there is such processing, you may request information from the controller about the following: (1) the purposes for which the personal data are processed; (2) the categories of personal data which are processed; (3) the recipients or categories of recipients which have or will receive your personal data; (4) the envisaged duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period; (5) the existence of a right to rectification or deletion of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; (6) the existence of a right to lodge a complaint with a supervisory authority; (7) any available information on the origin of the data if the personal data are not collected from the data subject;

You have the right to request information on whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

2. Right to correction

You have a right to have your personal data corrected and/or completed by the the data controller if the personal data processed concerning you is inaccurate or incomplete. The controller must carry out the rectification without undue delay.

3. Right to Restriction of Processing

You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the to verify the accuracy of the personal data;
(2) the processing is unlawful and you object to the deletion of the personal data and request the restriction of the use of the personal data instead;
(3) the controller no longer needs the personal data for the purposes of processing, but you need it for the assertion, exercise or defence of legal claims.

4. Right to Deletion

a) Obligation to delete

You may request the controller to delete your personal data without undue delay and the controller is obliged to erase such data without undue delay if one of the following reasons applies: (1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed; (2) You withdraw your consent on which the processing was based pursuant to Art. 6 (1) a GDPR or similar provisions of other Data Laws and there is no other legal basis for the processing; (3) Your personal data has been processed unlawfully; (4) The deletion of your personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

b) Information to Third Parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR or similar provisions in other Data Laws, the controller shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers who process the personal data that you, as the data subject, have requested them to erase all links to, or copies or replications of, that personal data.

c) Exceptions

The right to deletion does not exist insofar as processing is necessary (1) for the exercise of the right to freedom of expression and information; (2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject; (3) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) of the GDPR or similar provisions in other Data Laws, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or (5) for the establishment, exercise or defence of legal claims.

5. Right of Information

If you have exercised the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients, to whom the personal data relating to you has been disclosed, of the erasure or restriction of processing to all recipients to whom the personal data relating to you has been disclosed, unless this proves impossible or involves a disproportionate effort. associated with it.

You have the right to be informed by the controller about these recipients. to be informed about these recipients.

6. Right to Data Portability

You have the right to obtain the personal data concerning you have provided to the controller in a structured form and in a commonly used and machine-readable format.

7. Right of Objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that is carried out on the basis of Article 6(1) (f) GDPR or similar provisions in other Data Laws. The controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

VII. Integration of Third Party Services (Mixpanel)

We use “Mixpanel” on our webpage, a product of Mixpanel, Inc., 405 Howard St., Floor 2, San Francisco, CA 94105, USA (hereinafter referred to as: “Mixpanel”). Mixpanel stores and processes information about your user behaviour on our website. Mixpanel uses, among other things, cookies that allow an analysis of the use of our website by you.

We use Mixpanel for marketing and optimization purposes, in particular to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user. This also includes our legitimate interest in the processing of the above data by the third party provider. The legal basis is Art. 6 (1) lit. f) GDPR.

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all functions of our website to their full extent. You can also prevent Mixpanel from collecting the aforementioned information by setting an opt-out cookie on the website: https://mixpanel.com/optout/

Please note that this setting will be deleted if you delete your cookies. You can object to the collection and forwarding of personal data or prevent the processing of this data by deactivating the execution of Java Script in your browser. You can also prevent the execution of JavaScript code altogether by installing a JavaScript blocker. We would like to point out that in this case you may not be able to use all functions of our website to their full extent.
Further information on data protection from the third-party provider Mixpanel can be found on the website https://mixpanel.com/privacy/