Privacy Policy ESG ISA

1. Responsible Party

ESG ISA is responsible for the data processing described below in accordance with the data protection regulations.
If you would like us to contact you, email your request to info@esgisa.org.

2. Server log files

When you visit our website, so-called usage data is temporarily evaluated on our web server for statistical purposes as a log in order to improve the quality of our websites.

This data record consists of:

the name and address of the requested content,
the date and time of the request,
the amount of data transferred,
the access status (content transferred, content not found),
the description of the web browser and operating system used,
the referral link, which indicates the page from which you came to ours,
the IP address of the requesting computer, which is shortened so that a personal
reference can no longer be established.
The aforementioned log data is only evaluated anonymously.

3. SSL and TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. enquiries to the controller). You can recognise an encrypted connection by the “https://” character string and the lock symbol in the browser line.

4. Strictly necessary cookies

We use cookies on our websites. Cookies are small text files that are stored on your terminal device and can be read. A distinction is made between session cookies, which are deleted again as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.
We use cookies on our websites that are necessary for the operation of our websites. These cookies only contain information about certain settings and are not personal. They may also be necessary to facilitate user navigation and to ensure the security of the site. We use cookies that are necessary for the operation of the website, not for analysis, tracking or advertising purposes. We use these cookies on the basis of Art.

6 (1) lit. f DSGVO in the legitimate interest of ensuring the functionality of our website. You can configure your browser so that it informs you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete
cookies at any time via the browser settings and prevent the setting of new cookies. Please note that our websites may then not be displayed and some functions may no longer be technically available.

5. Typeform

We use the service provider TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona, Spain for our ESG rating. This allows us to provide you with a score and
give you feedback. TYPEFORM uses cookies with different validity periods to collect information about the end device.
The legal basis for these processing operations is your consent pursuant to Art. 6 (1) lit. a DSGVO. You can revoke your consent to the processing of your personal data at any time.
Further information on the Typeform terms of use and data protection regulations can be found at: https://admin.typeform.com/to/dwk6gt/?typeform-source=www.typeform.com

6. Contact

6.1. Contact Form

You can send us an inquiry at any time using the contact form on our website. To use the message function, you must enter your first and last name and your email address. We use this data based on Art. 6 (1) lit. f GDPR to respond to your message. If your message serves to conduct pre-contractual measures, Art. 6 (1) lit. b GDPR may also be taken as the legal basis. You are able decide for yourself whether you would like to provide us with any information above and beyond this. You provide this information voluntarily; it is not absolutely necessary to be able to contact us. Processing of the data that you provide voluntarily is based on Art. 6 (1) lit. a GDPR. You are able to withdraw your consent at any time with effect for the future.

6.2. Contact via E-mail

If you send us an email to the addresses provided on our website, the data will be processed depending on the content of the message. The legal basis can then be your consent, the necessity for the fulfilment or initiation of a contract, the fulfilment of a legal obligation or our legitimate interest. The storage period results equally from the content of the message.

7. Social media

We have a presence online in social networks to enable us to communicate with the users active there and to provide information about our organisation. When you visit our website, no direct connection will be established between your browser and the servers of the respective social network.
However, if you click on the “Share” button (plugin) of the respective social network, a new browser window will open and redirect you to your user account if you are logged in there. A direct connection is established between your browser and the server belonging to the respective social network via the plugin in this way. The social network is then notified that you visited our website using your IP address. We hereby explicitly advise that we have no knowledge whatsoever of the content of any (personal) data transmitted, nor do we know how it is used by the respective social network. For details of the forms of processing and the options to object to this, see the privacy policies and information provided by the operators of the social
networks. Our website uses functions of the LinkedIn network, which is provided by LinkedIn Co., 2029 Stierlin Court, Mountain View, CA 94043, USA. For more information, see LinkedIn’s privacy policy:  www.linkedin.com/legal/privacy-policy

8. Embedded videos

We embed videos on our website that are not stored on our servers. Accessing our website with embedded videos leads to the content of the third-party provider who provides the videos being reloaded. This provides the third-party provider with the
information that you have accessed our website as well as the usage data technically required in this context. We have no influence on the further data processing by the third-party provider. However, when embedding the videos, we made sure to activate the extended data protection mode offered by the third-party provider. The extended data protection mode means that the third-party provider does not set any cookies. The embedding is based on Art. 6 (1) lit. f GDPR and in the interest of making our site as appealing and informative as possible.

Provider Adequate level of data protection

Options to object

No adequate level of data protection

If you wish to object to the embedding, please stop using our site.

9. Newsletter

You can subscribe to a newsletter on our website. Please note that we require certain data for the subscription in order to send you the desired information. The newsletter will only be sent if you have given us your consent in accordance with Art. (1) lit. a GDPR. After you have subscribed to the newsletter on our website, you will receive a confirmation e-mail at the e-mail address you have provided (so-called double opt-in). You can revoke your consent at any time. You can easily revoke your consent by clicking on the unsubscribe link in every newsletter. When you subscribe to the newsletter, we store further data in addition to the data already mentioned, insofar as this is necessary for us to prove that you have subscribed to our newsletter. This may include storing the full IP address at the time of ordering or confirming the newsletter, as well as a copy of the confirmation email we send. The data processing is based on Art. para. 1 lit. f GDPR and is carried out  in the interest of being able to account for the lawfulness of the newsletter dispatch.

10. Member area

If you wish to use our member area, prior registration for the member area is necessary. We only collect the data required for registration. The processing is carried out on the basis of Art. 6 (1) lit. b GDPR or on the basis of Art. 6 (1) lit. f GDPR in the interest of providing you with the services and information of the member area. If we collect additional data, this is marked as voluntary and is based on your consent in accordance with Art. 6 (1) lit. a GDPR. Detailed information on the processing of your data in connection with the member area is available here.
If you wish to permanently unsubscribe from our member area, please use the unsubscribe option that we provide in the member area.

11. Retention period

Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and legal retention obligations do not prevent deletion.

12. Your rights as the data subject

With regard to the data processing detailed here, you are entitled to various rights as the data subject which are regulated in the EU’s General Data Protection Regulation (GDPR):

• Right of access (Art. 15 GDPR): You have the right to obtain confirmation from the controller as to whether personal data concerning you is being processed.
• Right to rectification (Art. 16 GDPR): You have the right to ask the controller to rectify any inaccurate personal data concerning you without undue delay.
• Right to erasure (Art. 17 GDPR): You have the right to ask the controller to erase personal data concerning you without undue delay.
• Right to restriction of processing (Art. 18 GDPR): You have the right to ask the controller to restrict processing if one of the conditions detailed in Art. 18 GDPR applies.
• Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to a controller in a structured, commonly used and machine-readable format if one of the conditions detailed in Art. 20 GDPR applies.
• Right of withdrawal (Art. 7 GDPR): Pursuant to Art. 7 (3) GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
• Right to object (Art. 21 GDPR): If data is collected on the basis of Art. 6 (1) lit. f GDPR or Art. 6 (1) lit. e GDPR, you have the right to object to the processing of personal data at any time for reasons arising from your particular situation.
• Right to lodge a complaint (Art. 77 GDPR): Without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority. You can contact the supervisory authority in your habitual place of residence or our company headquarters to this end.

The supervisory authority competent for ESG ISA is:
Bayerische Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91504 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de

13. Data protection officer

Our data protection officer can gladly advise on data protection matters:

Data Protection Officer
Keltenring 15
82041 Oberhaching, Germany
privacy@esgisa.org

Last updated: July 2023