Privacy Policy

This Privacy Policy explains how ESGine® ("ESGine", "we", "us", "our") collects, uses, stores and protects personal data and other information when you visit our website, interact with us, or use the ESGine platform.

1. Who we are

ESGine® is a pre-submission ESG and climate review platform that helps organisations review internal ESG/Climate submission packages before they are provided to regulators, auditors or assurance providers.

For the purposes of the UK General Data Protection Regulation ("UK GDPR") and, where applicable, the EU GDPR, ESGine acts as a data controller when we determine the purposes and means of processing personal data in connection with our website, marketing and client relationships.

2. How to contact us

If you have any questions about this Privacy Policy or how we handle personal data, you can contact us at:

• Email: info@esgine.io
• United Kingdom: Peter House, Oxford Street, #408, Manchester, M1 5AN, United Kingdom
• United States: 20 F Street NW, #700, Washington, DC 20001, United States

3. Scope of this Privacy Policy

This Privacy Policy applies to visitors to our website, individuals who contact us or request access, authorised users of the ESGine platform acting on behalf of client organisations, and prospective clients, partners and other professional contacts.

Where we process data on behalf of a client (for example, ESG/Climate submission packages and related files uploaded to our platform), we act as a data processor and the client's own privacy and confidentiality terms will also apply.

4. What data we collect

The information we collect depends on how you interact with us. Broadly, we may collect:

• Contact details (name, work email, phone number, role, organisation);
• Information submitted via forms (e.g., reporting context, jurisdictions, frameworks, timelines);
• Account details for authorised users (login details, profile information);
• Communications with us (emails, meeting notes, support requests);
• Technical and usage data (log data, device information, usage patterns, cookies).

5. How we use personal data

We use personal data to provide and operate the ESGine platform, manage client accounts, respond to enquiries, configure and deliver pilots and briefings, improve our services, send service-related communications, and comply with legal and regulatory obligations.

6. Legal bases for processing

Where the UK GDPR or EU GDPR applies, we rely on legal bases including performance of a contract, legitimate interests, consent (where required), and legal obligations.

7. Sharing and international transfers

We do not sell personal data. We may share information with service providers, professional advisers, regulators or authorities (where required), and in connection with corporate transactions, subject to appropriate safeguards. Where data is transferred outside the UK or EEA, we implement appropriate transfer mechanisms such as standard contractual clauses or equivalent safeguards.

8. Data retention

We retain personal data for as long as necessary to fulfil the purposes described in this Privacy Policy, including to provide services, comply with legal obligations, resolve disputes and enforce agreements. Retention for materials uploaded to the ESGine platform may be governed by our contract with the relevant client.

9. Security

We implement technical and organisational measures designed to protect personal data and client materials, including encryption in transit and at rest, access controls and logging. No system can be guaranteed as completely secure, and clients are responsible for maintaining the confidentiality of their account credentials.

10. Your rights

Depending on your location and subject to applicable law, you may have rights such as access, rectification, erasure, restriction, objection, data portability and the right to withdraw consent where processing is based on consent. You may also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) or another supervisory authority.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice.