Privacy and Cookies Policy
Updated August 2023
At ESG Report Pro we work hard to serve our customers better every day. Looking after the personal data you choose to share with us is a hugely important part of what we do and what we expect others to do for us. We want you to be confident that your data is safe and secure with us, and that we understand how to use it and protect it, so that we can offer you a more personalised and rewarding experience. This recently updated Privacy and Cookies Policy complies with the requirements of the General Data Protection Regulation (GDPR).
What this Policy Covers
The data controller is ESG Report Pro, referred to in this policy as “we” or “us”. We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this privacy and cookies policy (“Policy”), which:
- sets out the types of personal data that we collect
- explains how and why we collect and use your personal data
- explains when and why we will share personal data within ESG Report Pro and with other organisations; and
- explains the rights and choices you have when it comes to your personal data
We offer a wide range of products and services, so we want you to be clear about what this Policy covers. This Policy applies to you if you use our services (referred to in this Policy as “our Services”). Using our Services means the purchase of products and/or services with us over the phone, or online or otherwise using any of the websites (“our Websites”) or mobile applications (“our Mobile Apps”) where this Policy is posted. This Policy also applies if you contact us or we contact you about our Services.
Our Websites or Mobile Apps may contain links to other websites operated by other organisations that have their own privacy policies. Please make sure you read the terms and conditions and privacy policy carefully before providing any personal data on a website as we do not accept any responsibility or liability for websites of other organisations.
Who we are?
The data controller officer for ESG Report Pro is Mr Robin Boustead, (info {at} esgreportpro.com) who can be contact at any time regarding this Policy.
What information do we collect?
This section tells you what personal data we may collect from you when you use our website and what other personal data we may receive from other sources. When you shop with us online or browse our Websites or use our Mobile Apps, we may collect:
- Your contact details, including your postal and billing addresses, email addresses, phone numbers and date of birth and title
- Your account login details, such as your username and the password that you have chosen
- Information about your online purchases (for example, what you have bought, when and where you bought it and how you paid for it)
- Information about your online browsing behaviour on our Websites and Mobile Apps and information about when you click on one of our adverts (including those shown on other organisations’ websites)
- Information about any devices you have used to access our website (including the make, model and operating system, IP address, browser type and mobile device identifiers)
Other sources of data we may collect.
We may also use personal data from other sources, such as specialist companies that supply information, online media channels, our Retail Partners and public registers. For example, LinkedIn, Facebook and Instagram likes and interactions that will help us to:
- review and improve the accuracy of the data we hold; and
- improve and measure the effectiveness of our marketing communications, including online advertising.
How do we use personal information?
What legal basis do we have for processing your personal data?
In relation to the headings mentioned in the section above (“how and why we use your personal data”), our legal basis for processing your personal data is:
Legal Basis:
- Contractual Necessity – at the time we collect it:
- Purchase & transaction data;
- Contact details;
- Profile details;
- Delivery/collection details.
We will not be able to provide you with your products or services if you do not provide us with this data.Legitimate Interests – following fulfilment of your order for the other personal data in that section.
Legal Basis:
- Legitimate Interests
Legal Basis:
- Legitimate Interests.
Legal Basis:
- Legitimate Interests
Where we have mentioned above our use of your personal data is based on our “legitimate interests”, these are:
- to service our customers’ needs, including delivering our products and services;
- to promote and market our products and services;
- to understand our customers including their patterns, behaviours as well as their likes and dislikes;
- to protect and support our business, colleagues, customers and shareholders;
- to prevent and detect anti-social behaviour, fraud and other crime;
- to test and develop new products and services as well as improve existing ones.
When do we share personal data?
This section explains how and why we share personal data with Retail Partners and Service Providers. When we share personal data with these companies we require them to keep it safe, and they must not use your personal data for their own marketing purposes.
We work with a number of Retail Partners who sell our products through their own-managed channels, for example on their own websites or Mobile Apps. We only share personal data that enable our Retail Partners to provide their services. For example, when you shop on our Website we will give the relevant Retail Partner your name and contact details so that they can deliver your items.
We work with carefully selected Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with technology services, storing, combining and analysing data, processing payments, provide us with legal or other professional services as well as delivering orders. We only share personal data that enable our Service Providers to provide their services.
Some of the Service Providers we work with operate online media channels, and they place relevant online advertising for our products and services, as well as those of our suppliers and our Retail Partners, on those online media channels on our behalf. For example, you may see an advert for our products and services as you use a particular social media site. Examples of our Service Providers include Facebook and Instagram.
We may share personal data with other organisations in the following circumstances:
- if the law or a public authority says we must share the personal data or for the administration of justice;
- if we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud);
- where we restructure, sell or transfer our business (or a part of it). For example, in connection with a takeover or merger.
Where do we store and process personal data?
We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.
- We apply physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data;
- We protect the security of your information while it is being transmitted by encrypting it;
- We use computer safeguards such as firewalls and data encryption to keep this data safe;
- We only authorise access to employees and trusted partners who need it to carry out their responsibilities;
- We regularly monitor our systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security;
- We will ask for proof of identity before we share your personal data with you; and
- We will reveal only the last four digits of your payment card number when confirming an order.
Whilst we take appropriate technical and organisational measures to safeguard your personal data, it is important that you keep your login details and devices protected from unauthorised access.
How long do we keep your personal data for?
We will not keep your personal data longer than we need to, how long this is depends on several factors, including:
- Why we collected it in the first place – so for example to ensure payment authority, supply your order and provide ongoing service.
- Whether we are required by German Law to keep your transaction records for a certain period. After that all records will be destroyed.
- There may be other legal/regulatory reasons to keep a transaction history and your personal information, should you require further information please contact the data collection officer;
- Whether we need it to protect you or us.
Use of cookies and other technologies
We and our partners use cookies and similar technologies, such as tags and pixels (“Cookies”), to personalise and improve your customer experience as you use our Websites and Mobile Apps and to provide you with relevant online advertising. This section provides more information about Cookies, including how we use them and how you can exercise your choices about our use of Cookies.
Cookies are small text files containing a unique identifier, which are stored on your computer or mobile device so that your device can be recognised when you are using a particular website or mobile app. They can be used only for the duration of your visit or they can be used to measure how you interact with services and content over time. Cookies help to provide important features and functionality on our Websites and Mobile Apps, and to improve your customer experience. When you consent to Cookies on our Services, these may be used to do the following:
- Improve the way our Websites and Mobile Apps work - Cookies allow us to improve the way our Websites and Mobile Apps work so that we can personalise your experience and allow you to use many of their useful features. For example, we use Cookies so we can remember your preferences and the contents of your shopping basket when you return to our Websites and Mobile Apps.
- Improve the performance of our Websites and Mobile Apps - Cookies can help us to understand how our Websites and Mobile Apps are being used, for example, by telling us if you get an error messages as you browse. These Cookies collect data that is mostly aggregated and anonymous.
- Deliver relevant online advertising, including via social media - We use Cookies to help us deliver online advertising that we believe is most relevant to you on our Websites and other organisations’ websites and using social media. Cookies used for this purpose are often placed on our Websites by specialist organisations. Cookies used for this purpose are often placed on our Websites by organisations providing specialist services to us. These Cookies may collect information about your online behaviour, such as your IP address, the website you arrived from and information about your purchase history or the content of your shopping basket. This means that you may see our adverts on our Websites and on other organisations’ websites. You may also see adverts for other organisations on our Websites.
- Measuring the effectiveness of our marketing communications, including online advertising - Cookies can tell us if you have seen a specific advert, and how long it has been since you have seen it. This information allows us to measure the effectiveness of our online advertising campaigns and control the number of times you are shown an advert. We also use Cookies to measure the effectiveness of our marketing communications, for example by telling us if you have opened a marketing email that we have sent you
Your rights in relation to data
You have the right to see the data we hold about you. This is called a Subject Access Request. If you would like a copy of the personal data we hold about you, please write to: ESG Report Pro email: info {@} esgreportpro.com In relation to your personal data, you also have the right to:
- Have inaccurate information corrected. Summary of the right: if you believe we hold inaccurate or missing information, please let us know and we will correct it.
- Object to our use of it. Summary of the right:
- general objection - We will then consider your objection to our use of your personal data. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it (see section 3 below) or delete it (see section 4 below).
- objection in relation to direct marketing - If you make such an objection, we will stop using your personal data for direct marketing purposes.
- Restrict our use of it. Summary of the right: There are several situations when you can restrict our use of your personal data, this includes (but is not limited to):
- you have successfully made a general objection (listed in section 2 above).
- you are challenging the accuracy of the personal data we hold.
- we have used your personal data unlawfully, but you do not want us to delete it.
- Have us delete it. Summary of the right: There are several situations when you can have us delete your personal data, this includes (but is not limited to):
- we no longer need to keep your personal data;
- you have successfully made a general objection (listed in section 2 above);
- you have withdrawn your consent to us using your personal data (and we do not have any other grounds to use it);
- we have unlawfully processed your personal data.
- Complain to the data protection regulator. We’d like the chance to resolve any complaints you have however, you also have the right to complain to the EU Data Protection Supervisor (the "EDPS") about how we have used your personal data. Their website https://edps.europa.eu/
How to contact us?
If you have any questions or queries regarding our privacy practices, your information or if you wish to file a complaint, please email to: ESG Report Pro: info{at}esgreportpro.com