Privacy Policy
A standard customer-facing website privacy policy that complies with the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR) and the Data Protection Act 2018 (DPA 2018).
​
ESG Marketing respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
-
Identity Data includes [first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender].
-
Contact Data includes [billing address, delivery address, email address and telephone numbers].
-
Financial Data includes [bank account and payment card details].
-
Transaction Data includes [details about payments to and from you and other details of products and services you have purchased from us].
-
Technical Data includes [internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website].
-
Profile Data includes [your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses].
-
Usage Data includes [information about how you use our website, products and services].
-
Marketing and Communications Data includes [your preferences in receiving marketing from us and our third parties and your communication preferences].
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
​
IF YOU FAIL TO PROVIDE PERSONAL DATA
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
We use different methods to collect data from and about you including through:
-
Direct interactions. You may give us your [Identity, Contact and Financial Data] by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
-
apply for our products or services;
-
create an account on our website;
-
subscribe to our service or publications;
-
request marketing to be sent to you;
-
enter a competition, promotion or survey; or
-
give us feedback or contact us.
-
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies[, server logs] and other similar technologies. [We may also receive Technical Data about you if you visit other websites employing our cookies.] Please see our cookie policy for further details.
​
Your Enquiries
If you contact us about our services, the emails you send may include information about you, such as your name, address, age, gender, email address and your enquiry. We use this information to carry out the following:
-
In line with the legitimate interest we have in promoting our business, we will process your enquiries to provide you with information about the services we offer.
-
This might include replying to your enquiry, or sending you invites to our events.
-
We use HubSpot CRM to process your email address and information supplied by you in the course of an enquiry through the website, and to send you invitations and marketing materials. You can find out more about how they process personal data here: https://legal.hubspot.com/privacy-policy
-
We may also process enquiries to take steps you ask of us with a view to entering into an agreement to provide you with our services.
-
You are under no obligation to provide us with any details, but if you don’t provide all relevant information, we may not be able to help.
​
Marketing
We might use your information to send you marketing emails, in accordance with our legitimate interests, about our services or events which are similar or related to those which you have previously received (or attended, in the case of events).
We may also disclose your name and contact information to our relevant affiliates who provide the same services, to enable them to market their services and/or events to you.
If you would like to be removed from this mailing list, please contact us at rodica@esgmarketing.co.uk or click unsubscribe at the bottom of each marketing email.
​
All Content You Submit To Us
If you send us objectionable content or otherwise behave in a disruptive manner when using our website, we may process personal data included in your messages to respond to and stop such behaviour.
How you use our website (analytics)
Our website uses cookies and other mechanisms to collect log and analytical information, such as your internet protocol (IP) address, to help analyse how visitors use the site and to compile statistical reports on website activity.
​
We process this information to understand how visitors use our website and to compile statistical reports regarding that activity (for example your IP address is used to approximate the country from which you access our website, and we aggregate this information together, so we know that, for example, most of the visitors to our website come from a certain country/area).
This processing is necessary for us to pursue our legitimate interests in improving our website, by enhancing the user experience and making the website as personal and relevant as possible. Cookie preferences can be changed via our website, however, disabling certain cookies may prevent you from taking full advantage of our services, and the functionality of the website may be limited. Please review our cookie policy for more information.
This information is not used to develop a personal profile of you. All such information is aggregated and stored anonymously.
Disclosures of your personal data
Your personal data on our website is used and shared by our office in the UK. We keep your information confidential but may share it with our shareholders, affiliates and business partners. Whenever we transfer your personal data outside of the European Economic Area (EEA) we ensure that we have standard contractual clauses in place as a safeguard for this transaction.
We may also disclose it to our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this privacy policy, provided that they do not make independent use of the information and have agreed to adhere to the rules set out in this privacy statement.
In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).
If we are involved in a merger, acquisition, or sale of all or a portion of our business or assets, the information we hold may be included as part of that sale, in which case you may be notified, as appropriate, via email and/or a notice on the website of any changes in ownership or use of your information, as any choices you may have regarding that information.
Except as provided above, we will not provide your information to third parties.
Your legal rights
You have the right to:
-
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
-
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
-
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
-
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
-
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
-
If you want us to establish the data's accuracy.
-
Where our use of the data is unlawful but you do not want us to erase it.
-
Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
-
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
-
-
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
-
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Children's data
This website is not intended for children, and we do not knowingly collect data relating to children.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Changes & International Transfers
This policy may be updated from time to time. We will notify you of any changes by posting the new policy here and, where feasible, by letting you know by email.
International Transfers
Where we transfer your data outside of the EEA, we have agreements in place with those parties which include standard data protection clauses adopted by a data protection regulator and approved by the European Commission to ensure that appropriate safeguards are in place to protect your personal data. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
​
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
​
In general, we store your data for 5 years as of the most recent update in our systems.