ESGgen Privacy Policy

Updated: January 1st , 2023

ESGgen Limited (“ESGgen”, “we“, “our“, or “us“) respects your privacy and is committed to protecting your personal information.


This privacy policy sets out how we collect, use and share data that identifies and is related to you (“personal information“) as a result of your, or your employer’s or other engaging entity’s (your “Engaging Entity”) use of our services, our website at and our web portal (the “Site“), or other interactions with us for business purposes.

It applies to all individuals who may interact with us for the purposes of using or enquiring about our services (you” or, “your”).

It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.


ESGgen Limited is a provider of an accounting platform for organisations to comply with their ESG related requirements, having its registered address at 7-9 The Avenue, Eastbourne, East Sussex, United Kingdom, BN21 3YA.

ESGgen is the data controller of the personal information we hold about you. Our ICO Registration Number is ZB294532.

If you have any questions about this policy or our approach to privacy, please contact our data privacy manager at


We may collect and hold some or all of the personal information set out below, depending on your and your Engaging Entity’s use of our Site and services:

  • Account information – username, password, communication preferences, answers to security questions to check your identity;
  • Contact information – name, title, home address, email address, phone number;
  • Correspondence and communications information – information contained in your emails, messages, and other communications with us;
  • ID information – any personal description, photograph, driver’s licence, passport;
  • Marketing preferences – your marketing preferences and consents;
  • Location information – if you are using a device that has GPS enabled, we will collect information about your location;
  • Technical information – data relating to your device including the IP address, browser type, internet service provider, device identifier, your login information, time zone setting, browser plug-in types and versions, preferred language, activities, operating system and platform, and geographical location;
  • Usage information – data relating to your usage of our Site and/or our App – URL, clickstream to, through and from the Site, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), date and time pages are accessed, Site navigation and search terms used; and
  • Payment information – data relating to your payment card and bank account.


We may collect your personal information when:

  • you use our services;
  • communicate with us (whether through email or by phone); and
  • you Engaging Entity provides us with such personal information in order to use our services.

More generally, we:

  • collect personal information that you voluntarily submit to us, such as your Account information and Contact information, when you register with us, use our Site and our services, or otherwise interact with us in the course of our business activities; 
  • collect personal information that you are required to provide us as part of our account creation and client onboarding procedures, such as your ID information;
  • collect personal information from publicly accessible sources, e.g., Companies House and social media websites;
  • collect personal information about you from third parties, such as sanctions screening providers, credit reference agencies or due diligence providers;
  • collect personal information about you from a third party with your consent, e.g., your or your Engaging Entity’s bank or building society; and
  • may also collect certain personal information automatically, including in relation to how you access and use our Site and/or services, technical information regarding the device you use to access our Site and/or services. We may also automatically record telephone calls when you contact our customer services team by phone.

The table at Annex 1 sets out the categories of personal information we collect about you and the purposes for which we use that information. The table also lists the legal bases which we rely on to process your personal information.

We will indicate to you where the provision of certain personal information is required in order for us to provide you with certain features of the Site and/or our services. If you choose not to provide such personal information, we may not be able to provide you with access to certain aspects of the Site and/or services.


We will store the personal information we collect about you for no longer than necessary for the purposes set out in Annex 1 in accordance with our legal obligations and legitimate business interests.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.


We may also share your personal information with the following (as required in accordance with the uses set out in Annex 1):

  • Service providers and advisors: we may share your personal information with third party vendors and other service providers that perform services for us or on our behalf, which may include providing mailing, advertising, data hosting, CRM, IT system administration, payment, and analytics services.
  • Professional advisors: we may share your personal information with our lawyers, accountants, insurers, and other professional advisors to the extent we need to (for example, to defend ourselves against legal claims).
  • Purchasers and third parties in connection with a business transaction: your personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business.
  • Law enforcement, regulators, governmental authorities and other parties for legal reasons: we may share your personal information with third parties as required by law or if we reasonably believe that such action is necessary to (i) comply with financial or tax reporting obligations; (ii) comply with the law and the reasonable requests of law enforcement; (iii) detect and investigate illegal activities and breaches of agreements; and/or (iv) exercise or protect the rights, property, or personal safety of ESGgen or others.
  • Other members of the ESGgen group: we may share your personal information with our affiliates (for example, where they provide services on our behalf) or where such sharing is otherwise necessary in accordance with the uses set out in Annex 1.

In addition, we may share your personal information with other third parties if you have provided your consent for us to do so.


From time to time, we may contact you with information about ESGgen, including for the purposes of sending you marketing messages, inviting you to events we believe may be of interest to you and asking for your feedback.

Where you are an individual subscriber (that is, a recipient with a non-corporate email address) with whom we have not previously engaged in the context of providing our services, we need your consent to send you unsolicited email marketing. Where you provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal.

Where consent is not required under applicable law (for example, email marketing to corporate email address, or where we have previously engaged with you in the context of providing our services, and you have not opted out of receiving our marketing communications), it is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you.

We also participate in interest-based advertising and use third party advertising companies to serve you targeted advertisements based on your online browsing history and your interests. To do this, we or our advertising partners may collect information about how you use or connect to the Website, or the types of other websites, social media services, content and ads that you (or others using your device) visit or view or connect to our Website so that we or our advertising partners may play or display ads on the Website, on other websites, apps or services you may use, and on other devices you may use.

To learn about interest-based advertising and how you may be able to opt-out of some of this advertising and to limit some third party advertising cookies, you may wish to visit:

You have the right to opt out of receiving marketing communications at any time by contacting us at


Security. We implement appropriate technical and organisational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. For example, we use, as appropriate, firewalls, access controls, policies and other procedures to protect information from unauthorised access.

International Transfers of your Personal Information. We may transfer your personal information to countries outside of the United Kingdom (“UK“) and the European Economic Area (“EEA“), for example, to ESGgen group members or third party service providers located in third countries. In some cases, this might result in your personal information being transferred to a country not recognised as having an adequate level of protection for personal data. Such international transfers of your personal information will be made pursuant to appropriate safeguards, such as the international data transfer agreement adopted by the UK government. If you wish to enquire further about the safeguards used, please contact us using the details set out at the end of this privacy policy.


In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:

  • Right of access. You have the right to obtain access to your personal information.
  • Right of portability. You have the right, in certain circumstances, to receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person.
  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information we hold about you without undue delay.
  • Right to erasure. You have the right, in some circumstances, to require us to erase your personal information without undue delay if the continued processing of that personal information is not justified.
  • Right to restriction. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you.
  • Right to object. You have a right to object to the processing we carry out on the basis of legitimate interests in certain circumstances. You can also object to our direct marketing activities for any reason by clicking the “unsubscribe” link set out in any marketing communication you receive.
  • Right to withdraw consent. If you have provided consent to any processing of your personal information, you have a right to withdraw that consent.

Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply.

If you wish to exercise one of these rights, please contact us using the contact details at the end of this privacy policy.

If you are in the UK or EEA, you also have the right to lodge a complaint to your national data protection authority. The relevant data protection authority in the UK is the Information Commissioner’s Office (“ICO“). Information on how to make a complaint to the ICO is available at


We use cookies and similar technologies on the Site for various purposes, including improving your experience of the Site. For more information about cookies and why we use these, please refer to our Cookies Policy [insert link].


Our Site may, from time to time, contain links to and from third party websites, including those of other news publications and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.


The Site is not intended for or directed at children under the age of 18 years, and we do not knowingly collect information relating to children under this age.


We may update this privacy policy from time to time and so you should review this page periodically. When we change this privacy policy in a material way, we will update the “last modified” date at the end of this privacy policy. Changes to this privacy policy are effective when they are posted on this page.


If we need to provide you with information about something, whether for legal, marketing or other business related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on the Site.


Please contact our data privacy manager at if you have any questions, comments, and requests regarding this privacy policy.

This privacy policy was last modified on the 30 January 2023.


Category of personal information

How we use it

Legal basis for processing

Contact information, Account information

To register you/your Engaging Entity for our services.

Performance of a contract.

Administration of account (including sending you information regarding purchases, changes to our policies, other terms, and other administrative information).

Performance of a contract.

Contact information, Account information

To provide you/your Engaging Entity with the services we make available through the Site, (including carrying out ESG audits and preparing reports).

Performance of a contract.

Correspondence and communications information, Contact information

To respond to queries and complaints and provide you with information and materials that you request from us.

It is in our legitimate interests to respond to your queries and provide any information and materials requested in order to maintain good customer relations.

Payment information, Account information, Contact information

To process any purchases, you make on the Site.

Performance of a contract.

To maintain accounts and records in accordance with our retention procedures and as required under applicable law.

Compliance with a legal obligation.

Contact information, Marketing preferences

Marketing and advertising (including sending you newsletters and measuring the effectiveness of our marketing).

Consent (if required under applicable law).

Where consent is not required under applicable law (for example, where you are an existing customer and have not opted out of receiving our marketing communications), such processing is necessary in our legitimate interests, namely, to develop and grow our business.

Account information, Technical information

To correct errors and problems with the Site.

It is in our legitimate interests to monitor our Site and services to ensure that they function properly and are secure.

To protect the security of systems and data.

To comply with our legal and regulatory obligations.

It is also in our legitimate interests to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us.

Technical information, Usage information

To provide localisation features, and to analyse your usage of the Site, including for the purposes of improving the Site and to ensure that content is presented in the most effective manner for you.


To provide you with advertising aligned with your interests and measures the effectiveness of such advertising.


Contact information

To enforce legal rights or defend or undertake legal proceedings.

It is in our legitimate interests or those of a third party, i.e., to protect our business, interests, and rights or those of others.

A “legitimate interest” is when we have a business or commercial reason to use your personal information, so long as this is not overridden by your own rights and interests. We carry out an assessment when relying on legitimate interests, to balance our interests against your own.