GDPR

GDPR

Organisations established in the EU and/or processing personal data of EU-based individuals will, in almost all cases, be required to comply with the General Data Protection Regulation (GDPR) which came into force on May 25, 2018. The GDPR updates and harmonises the framework for processing personal data in the European Union, and brings with it new obligations for organisations and new rights for individuals.

Our Commitment

ESG is fully committed to complying with the requirements of the GDPR and other global privacy regulations. We have ensured our policies are in compliance. For details specific to how we comply with GDPR and other global privacy regulations related to our supply of data to our clients, review our legal basis for data processing.

Worldwide Product Compliance

Our customers operate in and from multiple territories and jurisdictions around the world. To ensure a consistent user experience, ESG has adopted the GDPR requirements to our entire platform and support it worldwide.

As a Data Processor with regards to GPPR we process and will process data of EU residents (and UK residents post-brexit) for EU (and UK residents post-brexit) as well as for companies registered world-wide.

ESG have made necessary provisions to adhere to data security and privacy at every step of data management, data accuracy, data retention and disposal, data transfer, data profiling, data sourcing and ensuring legitimate business interest. ESG has cleared the GDPR audit requirements in accordance with DPIA,to confirm that the controls are suitably designed.

ESG have implemented and revalidated processes and systems on the basis of the following key GDPR principles:

confidentiality;
legality;
reasonable purpose;
minimisation of data footprint;
accuracy;
limitation of retention.

Rights Regarding Personal Information

An individual may contact us at any time and we shall work diligently to respect the choices and requests regarding the individual’s Personal Information. The purpose of the list stipulated below is to allow Users and Contacts to exercise their rights under applicable privacy and data protection regulations.

Right of Access

An individual may request to access his/her Personal Information and obtain a copy of any Personal Information which is being processed by ESG. In the event that an individual requests to know what Personal Information is being processed by ESG, we will provide him/her with the following information free of charge:

purposes of processing;
categories of Personal Information processed;
recipient(s) of Personal Information;
length of time during which the Personal Information will be stored;
privacy rights;
information on data transfers.

Such requests can be made by filling in relevant details here or by contacting us on the contact details displayed on this website.

Right of Rectification

An individual may request to change, update or complete any missing data we process about that individual, by filling in relevant details here or by contacting us on the contact details displayed on this website. Please note that we may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.

Right of Erasure

An individual may at any time withdraw his/her consent to our processing of his/her Personal Information. In this case, if there is no overriding legitimate interest for continuing the processing of that Personal Information (e.g. to comply with our legal obligations, resolve disputes, enforce our agreements, etc.) and the Personal Information is no longer necessary in relation to the purpose for which it was originally collected, we will erase your data. Such withdrawal of consent will be made by filling in relevant details here or by contacting us on the contact details displayed on this website.

Right of Restriction of Processing

An individual may request us to restrict processing of his/her Personal Information if one of the following applies:

the accuracy of the Personal Information is contested by that individual;
the processing is unlawful;
if we no longer need the Personal Information.

Such request will be made by filling in relevant details here or by contacting us on the contact details displayed on this website.

Right to Data Portability

An individual has the right to receive his/her Personal Information in a structured, commonly used and machine-readable format. Such request will be made by by filling in relevant details here or by contacting us on the contact details displayed on this website.

If an individual wishes to raise a complaint about how we have handled his/her Personal Information, we can be contacted directly at [email protected]

If an individual is not satisfied with our response or believe we are collecting or processing his/her Personal Information not in accordance with the laws, a complaint can be made to the applicable data protection authority.

Retention

Personal Information will be retained by ESG in such a way that an individual can be identified only as long as is necessary for ESG’s processing activities (“Processing Date”).

If an organisation would like a relevant Business Profiles removed from our servers or that ESG does will not disclose the Business Profile with our Users, vendors or business partners, the organisation can have that actioned by filling in relevant details here or by contacting us on the contact details displayed on this website.