Effective Date of this Privacy Policy: March 19, 2021

ESG PlayBook, Inc.

We take the privacy of our users very seriously. This Privacy Policy is a part of our Website Terms of Use and Master Subscription Agreement (and any other documents referred to in such Terms of Use or Master Subscription Agreement) it describes our policies on the personal data that we collect from you or that you provide to us in connection with your use of our products, including those offered through our internet-accessible means, e.g., websites, cloud-based products and emails (collectively, the “Site”). The terms “we”, “us”, “our” and “ESG” refer to ESG Playbook, Inc., a company registered in Delaware with its principal place of business at 101 Crawfords Corner Rd Suite 1206, Holmdel, NJ 07733. When you use the Site, you consent to our collection, use, and disclosure of information about you, including information that may be considered personal data, as described in this Privacy Policy. Please read this Privacy Policy carefully to understand how we will treat your personal data.

(b) information that you provide by filling in forms on the Site. This includes information provided at the time of registering to use our Site, subscribing to our product, posting material or requesting further services. We may also ask you for information when you report a problem with our Site;

(a) your general activity on the Site (e.g., your viewing history and search activity, including the date and time the Site was used);

III. We do not collect, and specifically request that you not send us or disclose to us through the Site or otherwise, any sensitive personal data including, for example, social security numbers, information related to racial or ethnic origin, political opinions, religious, philosophical, or other beliefs, information related to sex life or sexual orientation, health data, biometric or genetic characteristics, criminal convictions and offenses, or trade union membership.

(b) third parties including our service providers, business partners and companies that assist with payment processing, analytics, data processing and management (e.g. to measure ad quality and responses to ads, and to display ads that are more likely to be relevant to you) account management, hosting, customer and technical support, and other services which we use to personalize your Site experience.

4. How does ESG Playbook store your personal data?

We take appropriate measures to ensure that your personal data is kept secure, including preventing it from being accidentally lost or used or accessed in an unauthorized way. We limit access to your personal data to those who have a legitimate business need to view it.

Those processing your personal data will do so only in an authorized manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means.

5. Where will ESG Playbook store your personal data?

Your personal data may be stored and processed in any country where we have facilities or in which we engage service providers. By using the Site you understand that your information may be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal data.

Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as the use of standard contractual clauses adopted by the European Commission to protect your Personal Information. You may obtain a copy of these measures by clicking here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en .

6. What uses will be made of your personal data?

We rely on our legitimate interests (or those of a third party) as the lawful basis for collecting and using your personal data. Our legitimate interests relate to our mission is to help companies understand their sustainability risks and report on ESG (Environmental, Social, and Governance) factors using ESG Playbook’s reporting and analysis tools for automating your ESG data collection and reporting process, and providing other sustainability consultants products.

Specifically, we may use your personal data for our legitimate interests, which include the following circumstances:

(a) to operate, maintain and optimize the Site and your account;

(b) to ensure that content from our Site is presented in the most effective manner for you and for your computer;

(c) diagnose problems with and identify any security risks, errors or needed enhancements to the Site;

(d) collect aggregate statistics about use of the Site;

(e) analyze and develop our marketing strategy;

(f) to provide you with information or products that you request from us or which we feel may interest you, unless you have requested that you are not contacted for such purposes;

(g) to carry out our obligations arising from any contracts entered into between you and us;

(h) when it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those legitimate interests;

(i) if necessary, to protect the vital interests of you or another individual, or if it is necessary for a task carried out in the public interest;

(j) to allow you to participate in interactive features of our product, when you choose to do so;

(k) to provide data and analytics to research companies and marketers who may leverage the data to support the creation of their own market research reports based on proprietary data they collect via other sources (these parties will never have any idea whose data they are viewing, the only thing they see is a unique numeric identifier; no name or email is tied to this data); and

(l) to notify you about changes to our products.

The particular “legitimate interests” upon which we rely in processing your personal data include the following:

(a) for purposes of providing the Site to our customers: this includes using and/or obtaining information for purposes of enrolling in trial-based or subscription-based products and services, providing content and information to our customers, and providing customer support;

(b) for the purposes of marketing our services: this includes using your information for the purposes of promoting our business to you, if you request information about our products or indicate that you have an interest in receiving communications on products, if you respond to invitations to events;

You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing at any time by contacting us (see “Contact Information”).

(c) for the functioning of our business and its operations: this includes using your personal data in the course of operating our business, collecting payments from customers, facilitating a business sale, acquisition or restructuring, or for seeking external legal advice.

7. Does ESG Playbook use Cookies and/or other tracking technologies?

I. Background

We use cookies and similar technologies (such as action tags, also known as beacons, or pixels tags) for a number of purposes, including to remember preferences, track conversions, improve your online experience, conduct marketing and promotional efforts, analyze site traffic and trends, and generally understand the online behaviors and interests of people who interact with our Site.

We use third-party advertising companies to serve advertisements on our behalf. These companies may use a cookie or an action tag to tailor the advertisements you see on this website and other sites, to track your response to their advertisement, to determine whether advertising has been served and to measure the effectiveness of their advertising.

We use third-party analytics service providers to assist us in collecting and understanding website usage information. We use information from these services to help us improve our website and the services we provide to our users.

By using the Site, you agree to our use of these tracking technologies.

II. What are cookies?

Cookies are small text files that are designed to store information on your computer. A cookie file is created when you use our Site and is processed by the software of your computer. The resulting text file is stored in your computer and it is accessed by your web browser when you visit the website that originally created the cookie.

For your reference, we set out below the wording we use in our cookie banner.

“We use cookies to improve your experience on our site. By continuing to use our site you accept our use of cookies. Please see our Privacy Policy for details.”

III. What are the types of cookies ESG Playbook uses?

The cookies we use help us improve our Site and do not contain any personal information that would allow us to identify you (such as your name or other contact details).

These are the cookies that may be used during your visit to the Site:

Session cookies: these are stored temporarily during a browsing session and are deleted from your device when the browser is closed. They are used to ensure your visit to our Site is as smooth as possible and allow us to identify your computer as you use the Site.

Persistent cookies: these are saved on your computer for a fixed period (usually one year or more) and are not deleted when the browser is closed. These help us remember you as a visitor each time you use the same computer to visit the Site.

Analytics cookies: these allow us to recognize and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to continuously improve the way our Site works, for example, by ensuring that users can find what they are looking for easily.

Targeting cookies: these record your visit to our Site, the pages you have visited and the links you have followed. We will use this information to make our advertisement more relevant to your interests. We may also share this information with third parties for this purpose.

Please note that third parties (including, for example, providers of external services like web traffic analysis services) may also have access to these cookies, over which we have no control. These cookies are likely to be analytical cookies.

III. How to disable cookies?

To control cookies, you can modify your settings in most web browsers to accept or deny cookies or to request your permission each time a site attempts to set a cookie. You can also manually delete previously stored cookies at any time. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Site. Information on how to remove cookies can be found at: http://www.allaboutcookies.org/manage-cookies/.

IV. How to contact ESG Playbook?

If you have any questions about this cookie policy, please contact us (see “Contact Information”).

8. How and When may ESG Playbook disclose your personal data?

I. We may disclose your personal data the following third parties:

(a) ESG Playbook organizations that receive the personal data provided in intake forms;

(b) third parties, including our partners, and other organizations that are aligned with our mission;

(c) our external third-party service providers;

(d) if we are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of ESG, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction; and

(e) others with your explicit consent.

II. We may also share information about you in the following contexts:

(a) We may investigate and disclose information from or about you if we have a good faith belief that such investigation or disclosure (a) is reasonably necessary to comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us; (b) is helpful to prevent, investigate, or identify possible wrongdoing in connection with the Site; or (c) protects our rights, reputation, property, or that of our users, affiliates, or the public.

(b) We may share information from or about you with our parent companies, subsidiaries, joint ventures, or other companies under common control, in which case we will require them to honor this Privacy Policy. If another company acquires ESG or all or substantially all of our assets, that company will possess the same information, and will assume the rights and obligations with respect to that information as described in this Privacy Policy.

(c) We frequently aggregate personal data in a way that makes it impracticable to use that data to identify a particular person; we also sometimes maintain individual data records with personal identifiers removed, and maintain in a manner in which it is impracticable to relink it to any particular individual. In this Privacy Policy, we refer to such data as “Anonymized Data” and do not consider it to be personal data. We may use Anonymized Data in order to create statistical information regarding the Site and its use, which we may then share with third parties.

9. Does ESG Playbook alter its practices based on “Do Not Track” signals?

Yes. If your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit, the Site will alter its practices when it receives a “Do Not Track” from a visitor’s browser.

10. How does ESG Playbook Control your personal data?

As described above, in order to process your personal data, we rely on your consent or our legitimate interests to process your data. You may withdraw your consent or object to the use of our personal data at any time, but you may no longer be able to access the Site.

Please note that the Site may contain links to unaffiliated third-party sites. We suggest you read the privacy policies on or applicable to all such third-party services.

You can adjust your privacy settings by contacting us. If you receive a marketing email from us, you can unsubscribe from such emails at any time by following the instructions provided within those emails.

11. What ESG Playbook may do after termination of your Account?

You can close your account by following the appropriate links on our Site, or by contacting us (see “Contact Information”). Once your account is closed, no further data will be collected, but we may retain information about you for the purposes authorized under this Privacy Policy, unless prohibited by law.

You can update or correct personal information (e.g., your email address) by accessing your account. You can also access or rectify your information by contacting us (see “Contact Information”). You can delete your information by contacting us (see “Contact Information”) with your first name, last name, and the respective email addresses you would like for us to delete.

Please note that we have the right to reject deletion requests that are unduly burdensome or repetitive or that cannot be honored in light of legal obligations or ongoing disputes, or where retention is necessary to enforce our agreements or protect our or another party’s rights, property, safety, or security.

12. How long will ESG Playbook keep your personal data?

We will hold your personal data for as long as necessary to fulfil the purposes we collected it for and consistent with applicable law. To determine the appropriate retention period we consider the amount, the nature and sensitivity of the personal data, the potential risks of harm from unauthorized use or disclosure, the purposes and whether we can achieve those purposes by other means. We will delete it if we identify it as no longer being needed or if you send us a written request to do so.

We may maintain Anonymized Data after you delete your account for analytics purposes

13. Where does ESG Playbook keep your personal data and how will it handle your personal data?

This website is owned and operated by ESG Playbook, which is located in New Jersey. Please note that personal data will be processed in the cloud by our cloud service provider, which offers sufficient guarantees to implement appropriate technical and organizational safeguards that meet the GDPR’s standards. We have a data processing agreement in place with our cloud service provider consistent with the requirements of the GDPR and, in the event of any unauthorized access to, or use of, personal data, the appropriate authorities will be notified. All information is transmitted to us by our cloud service provider, will be processed in the United States, and will be handled and protected under the terms of this Privacy Policy and applicable US laws and regulations, which may not be as protective as the laws in your country. By using the Site, you agree to this.

14. What rights do California users have with regard to the personal data collected and maintained by ESG Playbook?

Individual California Users may request information about our disclosures of certain categories of personal data to third parties for such third parties’ direct marketing purposes.

We may disclose personal data to third parties, which may use this information for all purposes outlined in this Privacy Policy. Individual California Users must submit their requests to us by email by contacting us as described below (see “Contact Information”):

We will provide a list of the categories of personal data disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the email or mailing address specified in this section.

15. What rights may European users have with regard to the personal data collected and maintained by ESG Playbook?

If you are a user located in Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden or the United Kingdom (collectively, the “European Economic Area” or “EEA”), you have several important rights under the GDPR. In summary, these include rights to:

(a) access your personal data;

(b) require us to correct any mistakes in your information which we hold;

(c) request the erasure of personal data concerning you in certain situations;

(d) request the data to be transferred to a third party in certain situations;

(e) object at any time to processing of personal data concerning you for direct marketing;

(f) object in certain other situations to our continued processing of your personal data;

(g) otherwise restrict our processing of your personal data in certain circumstances; and

(h) claim compensation for damages caused by our breach of any data protection laws.

For further information on these rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the GDPR.

If you would like to exercise any of the above rights, please contact us (see “Contact Information”). We will respond to your request consistent with applicable law. In your request, please make clear what personal data you would like to have changed, whether you would like to have your personal data suppressed from our database or otherwise let us know what limitations you would like to put on our use of your personal data. For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request, and we may need to verify your identity and obtain other relevant information before implementing your request. We will undertake our best efforts to comply with your request as soon as reasonably practicable and as required by law.

If you are a user in the EEA, you may lodge a complaint with a data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs. See http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

16. How to contact ESG Playbook if you have a complaint?

We hope that we can resolve any query or concern you raise about our use of your personal data by contacting us (see “Contact Information”).

The GDPR also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at ico.org.uk/concerns or telephone: 0303 123 1113.

17. May children use the Site?

No. The Site is not directed to children under 16 and children under 16 are not permitted to use the Site. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data without parental consent, please contact us (see “Contact Information”). If we become aware that a child under 16 has provided us with personal data without parental consent, we take steps to remove such information and terminate the applicable account.

18. How will ESG Playbook notify you regarding changes to this Privacy Policy?

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. You can see when it was last updated by looking at the effective date at the top of this page. Your continued use of the Site after a revision to the Privacy Policy indicates your acceptance and agreement to the current Privacy Policy. We recommend that you periodically review the Privacy Policy to make sure you understand and are up-to-date on how we’re keeping your information safe.

19. What is ESG Playbook’s contact information?

Questions and requests regarding this privacy notice should be addressed to compliance@esgplaybook.com.