Last Update: November 7, 2022
TABLE OF CONTENTS:
1. COLLECTION OF PERSONAL INFORMATION FROM WEBSITE VISITORS
Through the ESG IDP Website, the LSTA collects Your name, title, organization, and email address when You download any of the templates or documents on the ESG IDP Website. When You access the ESG IDP Website, a cookie is stored on Your device so that You do not have to re-enter Your information when You revisit the ESG IDP website and want to download any of the templates or documents on the ESG IDP Website. You may decline cookies generally by using the appropriate feature of their Web client software, if available. Note that we may not be able to honor a “Do Not Track” setting you use in your browser.
2. USE OF PERSONAL DATA COLLECTED
Personal data collected through the ESG IDP Website will be used by each of ACC, LSTA, and PRI for editorial and feedback purposes, to inform you of new templates or documents that are available, for marketing and promotional purposes, for a statistical analysis of users’ behavior, for product development, and for content improvement. We will delete Your personal data when it is no longer needed for our legitimate business purpose.
3. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
Any information You provide in connection with the ESG IDP Website may be shared, leased, sold, or otherwise disclosed to third parties even if such parties are not specified in this Policy and without further notice to You.
4. COLLECTION OF PERSONAL DATA FROM CHILDREN
The ESG IDP’s Website is not intended for use by children under the age of 18. ESG IDP does not intentionally collect or post personally identifying information from children under the age of 18. None of the ACC, LSTA, or PRI intentionally provide any personally identifying information collected from children under the age of 18, regardless of its source, to any third party for any purpose whatsoever.
7. EUROPEAN RESIDENTS PRIVACY INFORMATION
If You are a European resident individual, You have certain rights in relation to Your personal information under the applicable European data privacy laws. This section only applies to such users. Under applicable European data privacy laws, ESG IDP is the data controller.
(a) Rights to Control Your Personal Information
Applicable European data privacy laws gives certain users the right to access their personal information. Your right of access can be exercised in accordance with the European data privacy laws. If You would like to request a copy of Your personal information being held by us, or request that it is deleted or to update and/or correct Your personal information or request that we provide a copy to another data controller of Your personal information that You have provided to us, please contact us. We will need enough information to ascertain Your identity as well as the nature of Your request. We will aim to respond to Your request within one calendar month of receipt of the request. Where we were unable to do so within the calendar month, we will notify You of the soonest practicable time within which we can respond to Your request (and within three months from the date of Your request). There are certain exemptions and restrictions of these rights under the European data privacy laws that enable personal information to be retained, processed or withheld from access and we will inform You of these if applicable. If You would like to exercise any of these rights, please contact us at email@example.com.
(b) We use Your Personal Information for the following key purposes:
- to contact You: subject to applicable law, we or our third-party service and business providers may send You communications; especially if You have subscribed to one of our services. Such communications are designed to make Your experience of our Website more efficient and may include, but are not limited to: communications about our organization and other notifications including important news that could affect Your relationship with us. Where required under applicable data privacy laws, we will not send You marketing communications without Your prior consent;
- for legal purposes: we may use and share personal information for legal purposes, including financial, regulatory, tax and other legal obligations and to respond to governmental or regulatory requests or subpoenas or for litigation purposes;
- for our legitimate interests and those of a third party: we may use Your personal information to manage our legal, regulatory, financial and business requirements, including obtaining legal advice, in the course of disputes and litigation, internal and/or regulatory investigations and other legitimate interests; we also use Your personal data for our legitimate marketing purposes and we may share Your data with third parties, such as our sponsors, where we consider this meets our legitimate interests or those of our sponsors, whilst respecting users’ data privacy rights;
- for our business purposes: we may use Your personal information to help us manage the objectives of our organization;
- for other purposes: subject to applicable law, we may use Your personal information for additional purposes in connection with the Website or our organization, where You have provided Your prior consent.
(c) International Transfers
(d) Sharing Your personal information
(e) Tracking Tools
- Analyze our web traffic using an analytics package
- Identify if You are signed in to the Website
- Test content on the Website
- Store information about Your preferences
- Recognize when You return to the Website
In addition, this Website uses Google Analytics and other analytics programs to collect information about You and Your behaviors. If You would like to opt out of Google Analytics, please visit https://tools.google.com/dlpage/gaopto. If You choose to block or delete cookies, certain features of our Website may not operate correctly. For more information, see www.allaboutcookies.org.
(f) Retention of personal information
We will only retain Your personal information for as long as reasonably necessary to fulfil the determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of Your personal information, the purposes for which we process Your personal information and whether we can achieve those purposes through other means, and applicable legal requirements.
(g) Data Security
We have put in place appropriate security measures to prevent Your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to Your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process Your personal information on our instructions and they are subject to a duty of confidentiality.
(h) Complaint Process
If You have any concerns regarding how we are handling Your personal information, please contact us at firstname.lastname@example.org. We will strive to deal with Your concerns promptly. If You wish to complain about the handling of Your personal information outside of ESG IDP, You have the right to raise a complaint with a supervisory authority in Your country of residence under European data privacy laws.
8. CALIFORNIAN RESIDENTS PRIVACY INFORMATION
California law permits our users who are California residents to request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. To make such a request, please write to us at www.esgidp.org.
If You are a California resident, California law also provides You with the following additional rights with respect to Your personal information:
- The right to know what categories or specific personal information we have collected, used, disclosed and sold about You. You also may designate an authorized agent to make a request for access on Your behalf.
- The right to request that we delete any personal information we have collected about You. You also may designate an authorized agent to make a request for deletion on Your behalf.
To submit a request, You may email us at email@example.com. When You exercise these rights and submit a request to us, we will verify Your identity by asking You for Your email address, telephone number or other information. We also may use a third-party verification provider to verify Your identity. We will endeavor to honor client’s requests unless such a request conflicts with certain lawful exemptions. Please note that we are only required to honor such requests twice in a 12-month period.