At ESGAI Technologies Inc. (“ESG.AI”, “us,” “we,” or “our”), our mission is to provide analysis of, and scores for, and other data related to environmental, social and corporate governance of an organization or entity. Our Services (as defined in our Terms of Service accessible at https://esg.ai/terms including software, websites and applications) allow you to submit or make available User Content (as defined in our Terms of Service) to us and us to provide the above-mentioned analysis and scores based on the User Content.
1. INTRODUCTION
This Privacy Policy applies to Personal Data we receive or collect about users who interact with ESG.AI, including by visiting our websites or our social media pages, by using our applications or by using our Services.
Personal Data is any data that identifies or relates to you as a particular individual, including information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws or regulations.
This Privacy Policy does not cover the practices of companies that we do not own or control, or people that we do not manage. We are not responsible for the policies and practices of our research, business and advertising partners or any third-party providers, and we do not control, operate, or endorse any information, products, or services that may be offered by third party providers or accessible on or through our websites, applications, or Services.
2. SOURCES OF PERSONAL DATA
We collect Personal Data about you from you:
- through your interactions with us and our Services, such as when you sign-up to or use our Services, when you supply or provide services to us, when you request information or sign-up to receive marketing or other communications from us (such as marketing emails, alerts, newsletters, etc.; please note that we may record or monitor telephone calls), and when you register for or attend an event hosted by us;
- through your device which you use to interact with us and our Services, as our servers, logs and other technologies may automatically collect certain information from or about you and your device (such as IP address, user identifier, device identifier, etc.) and usage information; and
- through Cookies (as defined below) and similar automatic data collection technologies included in our Services.
We may also collect Personal Data about you from third party providers:
- through the party or person(s) arranging for you to access our Services (such as your employer, an organization, group, or association to which you belong or are associated with or your Managing Entity as defined in our Terms of Service);
- through advertising partners, such as companies that have entered into joint marketing relationships with us or assist us with marketing or promotional services, which may provide us with data related to how you interact with our Services, advertisements, or communications;
- through social media, other third-party platforms, and linked accounts or devices, if you interact with our software, websites and applications on social media sites, post content to their sites using our Services, sign into our Services through a third-party site or service, or otherwise link accounts or devices to your Account with ESG.AI;
- through sources that are available to the public and typically over the internet, available in or through widely distributed media, and from government databases, records, and systems (such as publicly accessible corporate websites, the United States Securities and Exchange Commission, and the United Kingdom’s Companies House); and
- through service providers, such as information services and data licensors or our business and research partners, when we supplement any of your User Content.
3. PERSONAL DATA WE COLLECT
The types and categories of Personal Data we collect depend on how you are interacting with our Services. We may collect the following types of Personal Data:
- contact details, such as your first and last name, email and mailing address, and phone number;
- employer and professional level data, such as the names of your current and/or former employers, job title(s), business contact information, industry, certifications, etc.;
- educational data, such as your education history and your alma mater;
- demographic information and protected classifications, such as your country, preferred language, race, color, national origin, age, sex, gender, gender identity, and gender expression;
- profile data, such as username and password that you may establish to create an Account using our Services, as well as any personal or identifying information you choose to include in your Account or in User Content that you submit or make available;
- communications that we exchange with you, including when you contact us via email, via our Services or via our website with questions, feedback, or reviews;
- payment and transactional data needed to complete your subscription to our Services (including name, email address, payment card information, payment card numbers, bank account number, billing information) and your transaction history. Generally, we do not have access to payment card numbers or bank account numbers as a Payment Processor (as defined in our Terms of Service) will collect the financial information necessary to process your payments in accordance with the Payment Processor’s own service agreement and privacy policy;
- device data, such as your device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (such as phone, tablet), IP Address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (such as Wi-Fi, LTE, 3G), and general location information such as city, state, or geographic area;
- geolocation data, such as GPS and IP Address if you give us permission to do so; and
- online activity data, such as pages or screens you view, how long you spent on a page or screen, the website you visited before visiting our website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access.
4. PERSONAL DATA OF CHILDREN
If you are under 13, or under the legal age to form a binding contract in your jurisdiction, please do not attempt to register for our Services or send any Personal Data about yourself to us. If we learn that we have collected Personal Data from a child under 13 or under the legal age to form a binding contract in your jurisdiction, we will delete that information as quickly as possible. If you believe that a child under 13, or under any legal age to form a binding contract in your jurisdiction, may have provided us Personal Data, please contact us at privacy@esg.ai.
5. COOKIES AND SIMILAR TECHNOLOGIES
ESG.AI uses cookies and similar technologies such as pixel tags, web beacons, session storage objects, local storage objects, clear GIFs, JavaScript and logs (collectively “Cookies”) to enable our servers to recognize your device and tell us how and when you visit and use our Services, as well as to analyze trends, learn about our users, and operate and improve our Services.
Cookies are small pieces of data – usually text files – placed on your device when you use that device (such as a computer, phone or tablet) to visit our Services. They are designed to hold a modest amount of data specific to a particular device and website, and can be accessed either by our servers or your device. Cookies allow our servers to deliver our Services and our websites in a manner that is tailored to a particular user. We may also supplement the information we collect from you with information received from third-parties, including third-parties that have placed their own Cookies on your device(s).
Cookie Usage and Type. ESG.AI uses the following Cookies:
- Essential Cookies: Essential Cookies are required for providing you with features or portions of our Services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features of our Services or our entire Services unavailable.
- Functionality Cookies: Functionality Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time, and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (such as your region or your language preference).
- Performance/Analytic Cookies: Performance/Analytic Cookies allow us to understand how a user uses our Services by collecting information on how often a user engages with a particular feature of our Services (such as pages or screens you view, how long you spent on a page or screen, the website you visited before visiting our website, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access). We use the statistics generated by these Cookies internally to improve, test and enhance the features and functions of our Services.
- Marketing Cookies: Marketing Cookies collect data about your online activity and identify your interests so that we and our advertising partners can provide marketing that we believe is relevant to you. These Cookies are similar to Performance/Analytical Cookies and collect information on browsing habits of a user of our Services (such as the website you visited before visiting our website, navigation paths between pages or screens, access times, and duration of access). These Cookies may be shared with other organizations, such as our advertising partners, who might use it with information about how you use other websites, including identifying shared interests and behaviors across groups of users who visit our (and other) websites.
Online tracking opt-outs. There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we have summarized below.
- Blocking Cookies in your web browser. Most web browsers let you remove or reject Cookies, including Cookies used for interest-based advertising. Many web browsers accept Cookies by default until you change your settings. Please note that changing your cookie preferences in or for one web browser does not change your cookie preferences for all web browsers.
- Blocking advertising identifier use in your device settings. Your device may offer settings that enable you to make choices about the collection, use, or transfer of an advertising identifier associated with your device for interest-based advertising purposes.
- Using privacy plug-ins or browsers. You can block our Services from setting Cookies used for interest-based advertising by using a browser with privacy features or installing browser plugins and configuring them to block Cookies/trackers.
- You can choose your Performance/Analytic Cookies and Marketing Cookies when you first visit our website. You can use your browser settings to revise your Cookie consent preferences when you are using our Services.
- Platform opt out. Some third-party ad networks, including third-party advertisement agencies, advertisement technology vendors, and research firms, allow you to opt-out directly by using their opt-out tools. Some of these providers, and links to their opt-out tools, are:
- Google (AdWords): adsettings.google.com;
- Microsoft (Bing): about.ads.microsoft.com/en-us/resources/policies/personalized-ads; and
Some of these opt-out features are Cookie-based, meaning that when you use these opt-out features, an “opt-out” Cookie will be placed on your device indicating that you do not want to receive interest-based advertising from certain companies. If you delete your Cookies, use a different browser, or use a different device, you will need to renew your opt-out choice.
6. HOW WE USE PERSONAL DATA
We process Personal Data to operate, improve, understand, and personalize our Services. We use Personal Data for the following purposes:
- Service delivery, including to:
- provide, operate, improve, develop, and personalize our Services and our business, including testing, research, analysis and product development;
- satisfy the reason you provided the Personal Data to us, including responding to and fulfilling requests;
- communicate with you about our Services, including providing announcements, updates, or offers;
- provide support and assistance for our Services;
- create and manage your Account and/or other user profiles;
- customize website content and communications based on your preferences; and
- process orders, subscriptions, or other transactions.
- Research and development. We may create and use Aggregated Data, De-identified Data or other anonymous data from User Content and Personal Data we collect, for our business purpose. Our business purposes include analysis of the effectiveness of our Services, improvement or addition of features to our Services, and analysis of the general behavior and characteristics of users of our Services. We also use Aggregated Data, De-identified Data or other anonymous data for research purposes to help us and our business and research partners answer important questions about corporate trends and corporate performance and create a better experience for our users by identifying insights and providing new content and features.
Aggregated Data is data that has undergone a process whereby raw data is gathered and expressed in a summary form for statistical analysis. For example, raw data can be aggregated over a given time period, across individuals, or both, to provide statistics such as average, minimum, maximum, sum, and count. After the data is aggregated, analysis can be performed to gain insights about particular data sets. When data is aggregated across a number of individuals, the resulting aggregation is considered anonymized such that it is no longer Personal Data.
De-Identified Data is data where all the personally identifiable information has been removed, rendering the data anonymous by stripping out information that would allow an individual’s identity to be determined from the remaining data. Data is “de-identified” to protect the privacy and identity of individuals associated with the data. De-identified Data is no longer Personal Data.
- Marketing and advertising. We may use Personal Data to send you marketing messages or advertise our Services, and we may use third-parties to assist us with our marketing or advertising campaigns.
- Interest-based advertising. We engage our advertising partners, including third party advertising companies and social media companies, to advertise our Services. We and our advertising partners may use Cookies and similar technologies to collect information about your interaction over time across the internet, our communications, and other online services, and may use that information to serve online ads. To learn more information and choices about interest-based advertisement, please see the provisions in section 5 above entitled “Online tracking opt-outs.”
- Compliance and protection, including to:
- protect against or deter fraudulent, illegal, or harmful actions and maintain the safety, security, and integrity of our Services;
- comply with our legal or contractual obligations, resolve disputes, and enforce our Terms of Use;
- audit our internal processes for compliance with legal and contractual requirements and internal policies;
- protect our, your, or others’ rights, privacy, safety, or property (including making and defending against legal claims); and
- respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
7. HOW WE SHARE PERSONAL DATA
We may share your Personal Data with:
- Service providers that provide services to us or on our behalf, such as Payment Processors, security and fraud prevention consultants, hosting and other technology and communications providers, analytics providers, our staff and contract personnel;
- Advertising partners that collect information on our website through Cookies and other automated technologies, including for the interest-based advertising purposes described above;
- Professional advisors, such as lawyers, auditors, accountants, bankers and insurers, where necessary in the course of the professional services they provide to us;
- Authorities and others, including law enforcement, government authorities, and private parties we believe in good faith to be necessary or appropriate to comply with the law or legal process; and
- Business transferees, such as acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, ESG.AI or our affiliates (including, in connection with a bankruptcy or similar proceedings).
8. YOUR OPTIONS WITH RESPECT TO YOUR PERSONAL DATA
Access, update, or delete. When you log in to your Account, you may access, and, in some cases, edit or delete certain information you’ve provided to us, such as first and last name, username and password, email and mailing address, and other information in your profile. When you update information, however, we may maintain a copy of the unrevised information in our records.
You may request a full deletion of your account and corresponding Personal Data by emailing privacy@esg.ai. You will be asked to complete a Verification Form in connection with such deletion request in order to ensure that you have the authority to delete your Account. The Verification Form requires you to submit certain Personal Data to us. Generally, our Verification Form requires you to provide any or all of the following information:
- First and last names;
- Email address;
- Telephone number;
- Full residential address;
- A copy of certain identification documents; and/or
- Information about your interaction or relationship with us and/or your usage of our Services.
We may need to retain certain Personal Data in our records, as well as Aggregated Data or De-identified Data derived from or incorporating your Personal Data that does not identify you after you update or delete it.
Geolocation data. You may allow or disallow us to collect geolocation data by enabling or disabling location services on your device. If you decline to grant ESG.AI access to this data, we will not be able to provide certain portions of our Services to you.
Marketing communications. You have the ability to opt-out of marketing-related emails and other communications by going to our preferences management page, or by following the opt-out or unsubscribe instructions contained in the communications. You cannot opt-out of receiving certain non-marketing emails regarding our Services.
Online tracking opt-outs. There are a number of ways you can opt-out of certain interest-based advertising and other online tracking activities, which we summarize in provisions of section 5 above entitled “Online tracking opt-outs”.
9. DATA SECURITY AND RETENTION OF PERSONAL DATA
We employ a number of physical, technical, organizational, and administrative security measures designed to protect any Personal Data we collect. While we endeavor to protect the privacy of your Account and other Personal Data we hold in our records, no security measures are failsafe, and WE CANNOT AND DO NOT GUARANTEE THE SECURITY OF YOUR PERSONAL DATA.
We retain Personal Data for as long as reasonably necessary for the purposes described in this Privacy Policy, while we have a business need to do so, or as required by law (such as for tax, legal, accounting, audit or other purposes), whichever is longer.
10. CHANGES TO THIS PRIVACY POLICY
We are constantly trying to improve our Services, so we may need to change this Privacy Policy from time to time. We will alert you to changes by placing a notice on the ESG.AI website, by sending you an email, and/or by some other means. If you continue to use our Services after any changes to the Privacy Policy have been posted, your continued use means you agree to all changes to this Privacy Policy.
11. CONTACT US
If you have any questions or concerns regarding our privacy policies, please send us a detailed message at privacy@esg.ai or at the mailing address below.
ATTN: ESG.AI Privacy Officer
1021 W Hastings St
9th floor
Vancouver, BC V6E 0C3
Canada
12. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
This section 12 is a supplemental privacy notice to users in California, pursuant to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California consumers with robust data privacy rights. These rights include the right to know, the right to delete, and the right to opt-out of sale of personal information that businesses collect, as well as additional protections for minors.
A “sale” under the CCPA is defined as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or to a third party for monetary or other valuable consideration.” As described in section 5 above entitled “COOKIES AND SIMILAR TECHNOLOGIES”, we use Cookies and other tracking technologies to analyze traffic to and use of our Services, and to facilitate advertising. Our use of certain categories of Cookies may be considered sale of personal information under the CCPA. To limit use of Cookies and other tracking technologies, please review the instructions provided in provisions of section 5 above entitled “Online tracking opt-outs”. We do not otherwise sell your Personal Data.
California Privacy Rights. If you are a California resident, you have the following rights:
- Information: This Privacy Policy describes the types of Personal Data we collect (in section 3 above entitled “PERSONAL DATA WE COLLECT”), the sources through which we collect Personal Data (in section 2 above entitled “SOURCES OF PERSONAL DATA”) and the purposes for which we share this Personal Data (in sections 6 and 7 above entitled “HOW WE USE PERSONAL DATA” and “HOW WE SHARE PERSONAL DATA”).
- Access: You can request a copy of the Personal Data that we maintain about you, as well as their use, disclosure or sale during a preceding 12-month period. You can also access portions of your Personal Data submitted as User Content by logging into your Account.
- Deletion: You can request to delete certain Personal Data that we have collected from you.
- Opt-out of sale of your Personal Data: We offer instructions on how to limit online tracking in provisions of section 5 above entitled “Online tracking opt-outs”. We do not otherwise sell your Personal Data.
You are entitled to exercise the rights described above free from discrimination. However, to the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
Exercising your rights. To exercise these rights, you can:
- request access to or deletion of Personal Data collected via your use of our Services by emailing us at privacy@esg.ai; and
- opt-out of interest-based advertisements and other online tracking as described in the “Online tracking opt-outs” section of the Privacy Policy.
To verify your identity prior to responding to your requests, we may ask you to confirm information that we have on file about you or your interactions with us and we may ask that you submit a Verification Form. Where we ask for additional Personal Data to verify your identity, we will only use any such additional Personal Data to verify your identity or your authority to make the request on behalf of another consumer.
Authorized agents: California residents can empower an “authorized agent” to submit requests to us on the resident’s behalf. Your authorized agent may submit requests in the same manner, although we may require the authorized agent to present signed written permission or signed power of attorney to act on your behalf, and you may also be required to independently verify your identity with us and confirm that you have provided the authorized agent permission to submit the request.
13. PRIVACY NOTICE FOR EUROPEAN RESIDENTS
This section 13 is a supplemental privacy notice to users who are residents of the European Economic Area, the United Kingdom, or Switzerland (collectively, “Europe” or “European”), pursuant to the General Data Protection Regulation (the “GDPR”) or other European data protection legislation. The GDPR provides data protection rights to European residents and sets guidelines for the collection and processing of personal information from individuals who reside in Europe. The GDPR applies to any organization that offers goods or services to individuals in Europe, even if that organization is not based in Europe.
Controller and Representatives. ESG.AI will be the Controller of your Personal Data processed in connection with our Services. Our contact information is as follows:
ATTN: ESG.AI Privacy Officer
1021 W Hastings St
9th floor
Vancouver, BC V6E 0C3
Canada
You may also contact our representatives at privacy@esg.ai.
Legal bases for processing. Section 6 above entitled “HOW WE USE PERSONAL DATA” explains how we use your Personal Data. We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity, our legitimate interests or the legitimate interest of others. However, the precise lawful basis will depend on the type of Personal Data and the specific context in which we process it.
The lawful bases we typically rely on for each category of processing activity listed in section 6 above entitled “HOW WE USE PERSONAL DATA” are set out below.
- Service delivery: Processing is necessary to perform our Services, or to take steps that you request prior to engaging our Services. Where we cannot process your Personal Data as required to operate our Services on the grounds of contractual necessity, we process your Personal Data for this purpose based on our legitimate interest in providing you with our Services which you access and request.
- Research and development: Processing is necessary to improve, test and enhance the features and functions of our Services.
- Marketing and advertising and Interest-based advertising: Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your Personal Data for these purposes based on our legitimate interests in promoting our business.
- Compliance and protection: From time to time, we may also need to process your Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.
- Consent: To the extent that any Personal Data that you submit or that we collect is considered a special category of Personal Data subject to the GDPR, we ask for your explicit consent to process this data. You can use your Account settings to withdraw your consent at any time, including by stopping use of a feature of our Services, or deleting your data or your account. In addition, in some cases, such as when you direct us to share your Personal Data or when you submit or make available User Content which includes Personal Data, we process such Personal Data based on the consent you expressly grant to us at the time we collect such Personal Data.
We may use your Personal Data for reasons not described in this Privacy Policy where permitted by law and where the reason is compatible with the purpose for which we collected it. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the applicable legal basis.
Retention. To determine the appropriate retention period for your Personal Data, we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Data subject rights. You have certain rights with respect to your Personal Data, including:
- Access. You can request more information about the Personal Data we collect about you and request a copy of such Personal Data. You can also access portions of your Personal Data submitted by logging into your Account.
- Rectification. If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data.
- Erasure. You can request that we erase some or all of your Personal Data from our systems.
- Withdrawal of consent. If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time.
- Portability. You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
- Objection. You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
- Restriction of processing. You can ask us to restrict further processing of your Personal Data.
- Right to file complaint. You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or European Economic Area Member State.
For more information about these rights, or to submit a request, please email privacy@esg.ai. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.
Processing of Personal Data in Canada. To provide our Services, we will process your Personal Data in Canada, where ESG.AI is based. If such processing involves the transfer of Personal Data to Canada in a manner governed by European data protection law, the transfer will be performed pursuant to the applicable requirements of the law, such as standard contractual clauses, the individual’s consent, or other circumstances permitted by European data protection law. If you would like to know more about any transfer of Personal Information and obtain copies of any relevant safeguarding measures, please contact us at privacy@esg.ai.